Cryptam // document analysis


Sample Details

original filename: VirusShare_a9053c37a15b9e1cd5aea8112baefae1

size: 119296 bytes
submitted: 2017-05-14 18:22:02
md5: a9053c37a15b9e1cd5aea8112baefae1
sha1: 510c8afe864afb3e40ef0c626b14fe4fdd8e7615
sha256: 38c68fd0fcd6babacff13fc26082f88376e852870bee8d99ab97d030dd458f41
ssdeep: 3072:QDUWl6Nc7yRzs1H75wkZUgsgaRiXViz1UR5SEGvJ1oPWXScU/mUBVt1WVbrzQ7IW:Ul6Nc7yRzs1H75wkZUgsgaRiXViz1U+c
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.09 s
result: malware [72]
embedded executable: found

signature hits:

68019: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
68603: exploit.office embedded Visual Basic execute shell command Wscript.Shell
75096: exploit.office embedded Visual Basic accessing file OpenTextFile
110324: suspicious.office Visual Basic macro
65309: string.vbs On Error Resume Next
dropped.file vbs ea0c27817cee62bf970c45c52ab2a0e6 / 19998 bytes / @ 71709
dropped.file vbs 43e7dde5a9a99fae6dbcae9b9799957e / 27589 bytes / @ 91707


Dropped Files

vbs at 71709
md5: ea0c27817cee62bf970c45c52ab2a0e6
sha1: f7ef9a84eda3df07b921368ce2b4a3f7b78dc7d1
sha256: dbe09e3589d90c5778007850f52ffc29d1650d45ff65fd71f3c9348a7500f537

vbs at 91707
md5: 43e7dde5a9a99fae6dbcae9b9799957e
sha1: 416bf52745c3c5718693340bc7e4793ba62972cf
sha256: 0d699aac086fdf2471c48deb4f3ed0cdfa993e91b62c4a491d6b899a0f699db6