Cryptam // document analysis


Sample Details

original filename: b85be272005bbf85c1e3352b6a6bd576

size: 88064 bytes
submitted: 2018-04-12 07:37:45
md5: b85be272005bbf85c1e3352b6a6bd576
sha1: ba9ab33a4914d43acbada029993c610b10ea5ff3
sha256: 3813c3826b4568d890d9f2fc2e112bcc42aafbb8a34e6f6b7b735c31fcb14614
ssdeep: 1536:vWWWt00WFW37DySxNiWhB4yajcZquGl6Nc7yRzs1H75wkZUMk5hmlsC2D5KyWmru:vl6Nc7yRzs1H75wkZUMjsC2D5KyWmrA9
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 4.44 s
result: malware [52]
embedded executable: found

signature hits:

64733: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
65317: exploit.office embedded Visual Basic execute shell command Wscript.Shell
79058: suspicious.office Visual Basic macro
61511: string.vbs On Error Resume Next

