Cryptam // document analysis


Sample Details

original filename: arnell_QXSL030417WN-deprotected.dotm

size: 43340 bytes
submitted: 2017-04-16 14:14:01
md5: a8e6a8115cc8ef8c4c013e4df4bbd6a0
sha1: f818edc3af29e5466c4ea2ec44a0e5af95147f57
sha256: 679a769108497845dcae19cbbd1f9c05646a14d7a714d99deba79b2d8f9ce594
ssdeep: 768:ZnPX6WdRZUIyUuBPfjSnjC+/8SmMCmmlkQDjUWnZvUhLUHU18jyHIm8:ZnPDTZL+fOe+E15aSjDnZWLUHU18jsIF
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [22]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 88d3d438203fbf5a4f5d196093be8bfa
vbaProject.bin.19090: suspicious.office Visual Basic macro
vbaProject.bin.3999: string.URLDownloadToFileA
vbaProject.bin.3734: string.shell32.dll


Strings

raw strings

Dropped Files

vbaProject.bin at zip
md5: 88d3d438203fbf5a4f5d196093be8bfa
sha1: cad6a0baffc686f7341ca4e96fd6d0ba7e98a73e
sha256: 15a357b88860faec6f2f434050f9fe46ea0652819c324b266ee416f711ef8aab
view strings