Cryptam // document analysis


Sample Details

original filename: 70b8d220469c8071029795d32ea91829f683e3fbbaa8b978a31a0974daee8aaf

size: 108917 bytes
submitted: 2014-10-14 05:32:42
md5: 330e8d23ab82e8a0ca6d166755408eb1
sha1: 22fbbcfa5646497e57ee238a180d1b367789984a
sha256: 70b8d220469c8071029795d32ea91829f683e3fbbaa8b978a31a0974daee8aaf
ssdeep: 1536:ZpN92FIdQ0dwcuLoEDlDc+Eupi+VfIagtYRmqLP0+SYqapUJhf8Zfdmk:ZpH2KQ0dcEYWl+9i+mquPVLEbZ
content/type: Microsoft OOXML
analysis time: 0.00 s
result: malware [22]
embedded file objects: yes

signature hits:

embedded.file oleObject2.bin 3a9805e76b8123018ec5ac8a56d3c438
oleObject2.bin.2068: exploit.office remote INF CVE-2014-4114 A
embedded.file slide1.xml 3c644275f1daf05ce077d136614b8f9c
slide1.xml.14530: suspicious.office OOXML Class used by CVE-2014-6352 D


Yara Tags

cve_2014_4114_inf

Dropped Files

oleObject2.bin at zip
md5: 3a9805e76b8123018ec5ac8a56d3c438
sha1: f5ebab861500d3f15faa654de799b319f9fd1199
sha256: d0a821b9f65bb8fcdd1e00e80402cefbdeba391c5ca010240bedeb62175c8059

slide1.xml at zip
md5: 3c644275f1daf05ce077d136614b8f9c
sha1: 76fc9775b37f0737a716ccea80b7365896412bf8
sha256: 9e7851c8bbae04c77fa87e2e1da1ccf6cd46546ed6edb800d17315971ec67527