Cryptam // document analysis


Sample Details

original filename: 2c994774dac68c79324ab0e4f0873fe6

size: 128000 bytes
submitted: 2017-09-09 06:40:53
md5: 2c994774dac68c79324ab0e4f0873fe6
sha1: f4454a22ccf6f910a38d58545bffcefd2f2265c1
sha256: 6df0aeca398e2b0f4c8e2ad66a455990cc343451309a3fccbbc3aae6ea3dfc47
ssdeep: 1536:HwrTGfk4HABUn0EA3nYz6s2AAPHSIQHwdAo8NpezxSv0i6n9/j6vqMo5wVB:s4Fc4SAYHPA+xTEvxww
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 39.60 s
result: malware [22]
embedded executable: found

signature hits:

120594: suspicious.office Visual Basic macro
23671: string.CloseHandle
23639: string.CreateFileA

