Cryptam // document analysis


Sample Details

original filename: f4d5c1b50ce954f25b8a2c342919f27c.virus

size: 100352 bytes
submitted: 2017-07-12 17:54:12
md5: f4d5c1b50ce954f25b8a2c342919f27c
sha1: beb23f6fca352cd2ce5315f4eeb2ff3b9771fc85
sha256: 34865be37e376d80b739944c9414bc00d232f83c2fbfa43522bc5a4333aac444
ssdeep: 1536:sOOOe8z3SybP0sHefaVPKX+k5GPAkp9PjeTHWShpSRfd2jcc0lbxOBCgZB6ITnO6:vr2jcc0lbxOs9hX1qCa0
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.97 s
result: malware [72]
embedded executable: found

signature hits:

55579: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
56163: exploit.office embedded Visual Basic execute shell command Wscript.Shell
62656: exploit.office embedded Visual Basic accessing file OpenTextFile
92980: suspicious.office Visual Basic macro
52869: string.vbs On Error Resume Next
dropped.file vbs ae9be9a965b7bf4cca4f3c6ffe874f7a / 41083 bytes / @ 59269


Dropped Files

vbs at 59269
md5: ae9be9a965b7bf4cca4f3c6ffe874f7a
sha1: d44ed9fb855f244f6075f442c4bfc08918e0ad7e
sha256: 78154611fc2afb2f0c84a1ec647238c6b71a266edfd07529618fc6c03ed31a48