Cryptam // document analysis


Sample Details

original filename: 2.1 Thu tinh coc.xls

size: 3022848 bytes
submitted: 2017-07-12 09:44:09
md5: 8aed5fbcac2fa555315117dff19071c5
sha1: 06b3c66d5a94a98a20028f0649c8c35815fc15c1
sha256: 40a88712b28e5c6e81c6ee58465eb70a0acc14eb5d5d0ad7d9537ec9f1e54d8d
ssdeep: 49152:1QvU5Qu6meyL6gH3ZMmsTmvg85oDwFKwzmhk36VJyn4tGLcipkrG9oBWt2VOvLH+:1QvUdt2VOvb+
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 4.16 s
result: malware [42]
embedded executable: found

signature hits:

2894865: exploit.office embedded Visual Basic execute shell command Wscript.Shell
2961630: suspicious.office Visual Basic macro
2975504: string.shell32.dll
2873213: string.vbs On Error Resume Next
dropped.file vbs 42684a39d25ca9e945c97bd4d8eb3c06 / 413144 bytes / @ 2609704


Dropped Files

vbs at 2609704
md5: 42684a39d25ca9e945c97bd4d8eb3c06
sha1: e480d60fa69ca0ce14e20f517f55a2dc1bd50b44
sha256: ec0cc8b8e490373da87d760209bef3db441560362710a346fd86327c9e8ca172