Cryptam // document analysis


Sample Details

original filename: myvtfile.exe

size: 275968 bytes
submitted: 2017-10-07 19:19:16
md5: 5b0618bca142490ecfcb4d4c07a773a5
sha1: a135188943c82d636f61f8e57eefab5b8a29893b
sha256: 587fcf9002438fcb7dff274ba9d21f559f5c7d32b69a165451e0023b94adcfa0
ssdeep: 3072:BVIf9CZ6NVs1U3j0XZ3F039Ekt9tIWkB+wOuwHbUHbwq1gUh7fVLhsiiwD90AIL4:BVIf9CrPe3myDcZ/wpSzP99I
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 76.31 s
result: malware [64]
embedded executable: found

signature hits:

263766: suspicious.office Visual Basic macro
17488: suspicious.office Packager ClassID used by CVE-2014-6352 C
274005: exploit.office VB Macro auto execute
20641: string.This program cannot be run in DOS mode
56243: string.GetSystemMetrics
55629: string.KERNEL32
55467: string.ExitProcess
dropped.file exe 0b6014bde84cccbc293dad99d1d51a53 / 255405 bytes / @ 20563


Dropped Files

exe at 20563
md5: 0b6014bde84cccbc293dad99d1d51a53
sha1: a4773b36038a5385e5eb8389ddc285ed0dda4d53
sha256: 63fc34bc635298806f9813224edd01762ff4c227e173623607a5dc8b3eb9f515