Cryptam // document analysis


Sample Details

original filename: fa139b7b9b325e5749f15b6a3395bd73.virus

size: 183808 bytes
submitted: 2017-07-12 17:42:13
md5: fa139b7b9b325e5749f15b6a3395bd73
sha1: 59bf01d238a4ab9f3c696f92aa26fef654c50c52
sha256: 7641f3bb66bf565b1f67ebd289cd736755a77989fefa179bf015ce15d2d9685f
ssdeep: 3072:E+Qn6c7yRms1H757aZMgsCq6NqTBun5oEN2jcc0lbxOrAM7nT3c:pQn6c7yRms1H757aZMgsCq6NqTBun5or
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.14 s
result: malware [72]
embedded executable: found

signature hits:

134449: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
135033: exploit.office embedded Visual Basic execute shell command Wscript.Shell
141542: exploit.office embedded Visual Basic accessing file OpenTextFile
171276: suspicious.office Visual Basic macro
131739: string.vbs On Error Resume Next
dropped.file vbs 11320558aef0bc23c9778e57f994faeb / 45661 bytes / @ 138147


Dropped Files

vbs at 138147
md5: 11320558aef0bc23c9778e57f994faeb
sha1: 541a02fb2829da8fd84f1cf458d969e9362ea62c
sha256: a5b03319cc8593bb6242e85d672c6b1cb25225f7640426ca4eb0ebdb4272458b