Cryptam // document analysis


Sample Details

original filename: 2f4f784c56307f1f27e602cb855bb852

size: 128512 bytes
submitted: 2017-09-09 11:59:26
md5: 2f4f784c56307f1f27e602cb855bb852
sha1: 18e2146522080fbba6218530d2f452f004016d80
sha256: 73676f14a803efe1b8f787e8f2bb2959392f012b45b280574cc261c8c0fb18ba
ssdeep: 1536:oC3Mv8nPHUqHVnM1LwPwAWv+KAPHSIQGwdAo8NpezxSv0i6n9/j6vqMo5wVr:oUPfBfHKYHIA+xTEvxww
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 44.04 s
result: malware [22]
embedded executable: found

signature hits:

121106: suspicious.office Visual Basic macro
24183: string.CloseHandle
24151: string.CreateFileA


Strings

raw strings
decrypted raw strings