Cryptam // document analysis


Sample Details

original filename: vbaProject.bin

size: 40448 bytes
submitted: 2017-05-14 19:32:01
md5: 1ec87538ec7c7e8ff5881df7c7e7c671
sha1: 574916d69676a3afdbfaa619b36bd1283a010908
sha256: 69c91accc0e19f7de82f7cf4fdf1e268dadec945ae5726b67e2e2a92fde450a9
ssdeep: 768:DEwHWpgh3aD0UjOR2+FRWCYbZHnokPrAOzt4CGS7r5Nv:D9cD/C2mWC0ZI8J4fQ5B
content/type: Composite Document File V2 Document, No summary info
analysis time: 0.60 s
result: malware [52]
embedded executable: found

signature hits:

7538: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
38184: exploit.office embedded Visual Basic execute shell command Wscript.Shell
32528: suspicious.office Visual Basic macro
28536: string.vbs impersonationLevel


Strings

raw strings
decrypted raw strings