Cryptam // document analysis


Sample Details

original filename: 66628767ef5e0b6b9b4ceeee643a4ffe4bc16f61749d2e82b8543bb9f9952e33

size: 454144 bytes
submitted: 2017-07-12 11:03:01
md5: 02847ad37ec6b5ae152f649556ca2170
sha1: 39a6459c48fc04ed610c4d17e660a3d5b2493270
sha256: 66628767ef5e0b6b9b4ceeee643a4ffe4bc16f61749d2e82b8543bb9f9952e33
ssdeep: 6144:n/dR2t2rLtBt8VDQAO2wXIqj4tZIa14TSyl:/z2t2rLtTUDQh2wIqj4t22eSyl
content/type: Composite Document File V2 Document, No summary info
analysis time: 1.22 s
result: malware [52]
embedded executable: found

signature hits:

88246: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
409810: suspicious.office Visual Basic macro
229184: string.user32.dll
221983: string.shell32.dll
324349: string.vbs On Error Resume Next
