Cryptam // document analysis


Sample Details

original filename: 10160ecfe32a42adb40fb434647400f6.virus

size: 115200 bytes
submitted: 2017-08-08 08:45:39
md5: 10160ecfe32a42adb40fb434647400f6
sha1: 0f91d19117d8f07344d947b6f1e57445b0753faf
sha256: 378dd87ddc468f9636764f1a52295df851748ced3d5844e198ed4224924fafd8
ssdeep: 1536:nRRRssYn0KSDjDn5mo4zkyh1Ne6f3bB/3yx/u5G2jcc0lbxOvTgZEn88ycJtXwDx:Bi/3K2jcc0lbxOr7jBJtXw/l
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 3.08 s
result: malware [72]
embedded executable: found

signature hits:

66390: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
66974: exploit.office embedded Visual Basic execute shell command Wscript.Shell
73467: exploit.office embedded Visual Basic accessing file OpenTextFile
103634: suspicious.office Visual Basic macro
63168: string.vbs On Error Resume Next
dropped.file vbs c2394b5d25aab96aba6b79d04fe81ccc / 19998 bytes / @ 70080
dropped.file vbs d261ba07659fa797673bd2c6f7f2a78e / 25122 bytes / @ 90078


Dropped Files

vbs at 70080
md5: c2394b5d25aab96aba6b79d04fe81ccc
sha1: 2884265c5e382293cc6d01ee9d5bbfddcb56d64b
sha256: 63db90c87e956f717e9779092508990034124d134f306acd892fef085bdffec2

vbs at 90078
md5: d261ba07659fa797673bd2c6f7f2a78e
sha1: c17b4c527088fe525a02dcbeeff25759dec08b3e
sha256: 99bd530603ccc081010a1d7f5adb040f9e5c5f32dab68b5f1a9510a9ed148e1d