Cryptam // document analysis


Sample Details

original filename: paradox_main222 - new.dotm

size: 207064 bytes
submitted: 2017-10-07 20:01:21
md5: 05676fc303dc804e4285817d1fc4b78a
sha1: 323480d82b1e39f05fa0f1cb3c33adbdb882fce0
sha256: 4caf36a25f8740d3e4ecbfb228bfa74e77c68d5717f385338cfc71a60ce66024
ssdeep: 6144:0lHBQCydTdAmLRku0ga3MD13tOdCWJX3p5JDl6:0lHfUzB0r3M5twCWFXX6
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [32]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 0ecaa48aa99b02cc41a1bf7168d23fbe
vbaProject.bin.63250: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.237782: suspicious.office Visual Basic macro
vbaProject.bin.65053: string.vbs On Error Resume Next


Dropped Files

vbaProject.bin at zip
md5: 0ecaa48aa99b02cc41a1bf7168d23fbe
sha1: 2232761cda9cae81ef9f7f123cd354457f6fa07b
sha256: fabe4053cb2c5dc8f959ab6e0c8372f6119cbf353182fd3bef32ecd5c92280f4