Cryptam // document analysis


Sample Details

original filename: 060.vir

size: 175618 bytes
submitted: 2017-08-08 09:30:51
md5: 6ad1bf20ca0ec27f4e75d850b4af27fa
sha1: 46c8ed5fda81e65d013f14e35b3b4380b33352da
sha256: 4e38e627ae21f1a85aa963ca990a66cf75789b450605fdca2f31ee6f0f8ab8f2
ssdeep: 1536:Rg1e92YISfU2BnJYBzA4k4u0wq4/Ax4ybidHxqorqr9EcA:Rg1e92YdxneVM45IybWxcA
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 5.83 s
result: malware [92]
embedded executable: found

signature hits:

115227: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
115075: exploit.office embedded Visual Basic execute shell command Wscript.Shell
121042: suspicious.office Visual Basic macro
93054: exploit.office VB Macro auto execute
107259: string.CloseHandle
107095: string.CreateFileA
107323: string.RegOpenKeyExA

