Cryptam // document analysis


Sample Details

original filename: 0d47c92c9f137d7c7c2f36e9c0c6a52c

size: 160256 bytes
submitted: 2017-09-09 06:35:12
md5: 0d47c92c9f137d7c7c2f36e9c0c6a52c
sha1: c8f5f029fd0b8144a753f2d63d0e918fa7ec6beb
sha256: 5e0033ffb2c27b3129ef38e3382cb2dc7a5f977440477315187ee7d1e2f0a13d
ssdeep: 1536:JOHG3pRhRl7nnnnnNS7ZZVJ3SZfbKHmTri06XAf3lss2AAPHSIQnwdAo8NpezZSH:53pRhRTK9qVEAYHvA+ZTEvxww
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 27.36 s
result: malware [22]
embedded executable: found

signature hits:

152850: suspicious.office Visual Basic macro
55927: string.CloseHandle
55895: string.CreateFileA


Strings

raw strings
decrypted raw strings