Cryptam // document analysis


Sample Details

original filename: vbaProject.bin

size: 44032 bytes
submitted: 2017-05-14 19:44:02
md5: 9464f7c4de6cf078123946f9f885c90c
sha1: c67fd3330dff61f9d7b2904582591f2aecc6f4fe
sha256: 366f5c0c9570c877fc3259313fbe69278d3fcfeb5fd425d63fab64279efac995
ssdeep: 768:u8alaTPhspUbIypqIu9jL+6liNih7QQxDFFxnrD:uQPmpUbI8A1Yih7QkFFxrD
content/type: Composite Document File V2 Document, No summary info
analysis time: 0.49 s
result: malware [52]
embedded executable: found

signature hits:

31766: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
41451: exploit.office embedded Visual Basic execute shell command Wscript.Shell
35600: suspicious.office Visual Basic macro
24896: string.vbs impersonationLevel


Strings

raw strings
decrypted raw strings