Cryptam // document analysis


Sample Details

original filename: 9a5af7e06a70a9cf14e47486e1df75d6

size: 134656 bytes
submitted: 2017-09-09 06:45:24
md5: 9a5af7e06a70a9cf14e47486e1df75d6
sha1: e6dafed60f23ace2db22bde9ac83fd99c095a097
sha256: 52ba1a69f7869130573069422e854b3d4e982b1b18619a4afc1d563e5bc31901
ssdeep: 1536:II3c9GfbKHmT2W35N8O11Hv+KAPHSIQGwdAo8NpezxSv0i6n9/j6vqMo5wVv:MWKOZrmKYHIA+xTEvxww
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 17.59 s
result: malware [22]
embedded executable: found

signature hits:

126738: suspicious.office Visual Basic macro
29815: string.CloseHandle
29783: string.CreateFileA


Strings

raw strings
decrypted raw strings