Cryptam // document analysis


Sample Details

original filename: 42f31e356b126440a5e9c9a1e6bae0af9c166f3849bbe4a19c20fd3897583914

size: 477314 bytes
submitted: 2017-07-12 11:02:02
md5: a15179b8646c87d71b3c62334e1ad730
sha1: ff98794297bd046f8535f867c774045373aff45c
sha256: 42f31e356b126440a5e9c9a1e6bae0af9c166f3849bbe4a19c20fd3897583914
ssdeep: 12288:P1y1PmrD1H4mi/3PWXorqGHyWYaessWikI68IO:P1aerRDi/eYrLHyWLsW468j
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [52]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 02847ad37ec6b5ae152f649556ca2170
vbaProject.bin.88246: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.409810: suspicious.office Visual Basic macro
vbaProject.bin.229184: string.user32.dll
vbaProject.bin.221983: string.shell32.dll
vbaProject.bin.324349: string.vbs On Error Resume Next


Yara Tags

office_vb_dropper

Dropped Files

vbaProject.bin at zip
md5: 02847ad37ec6b5ae152f649556ca2170
sha1: 39a6459c48fc04ed610c4d17e660a3d5b2493270
sha256: 66628767ef5e0b6b9b4ceeee643a4ffe4bc16f61749d2e82b8543bb9f9952e33