Cryptam // document analysis


Sample Details

original filename: Assignment1-appendix-a.rtf

size: 13487 bytes
submitted: 2017-03-15 21:52:06
md5: 04dbee6cdac68fb03ca98ab6f91c67b4
sha1: 95fa833066cbd8d14dbd898a5cefa7746cdb6fc3
sha256: 8dbd8cddbc18151391bb34f36c714c558369b0155a88ba5c34ac0ead7c225c79
ssdeep: 384:H9eKNqC0lC01NNooSs8uWwqJwlMpoG9rqaQXL8khb6llgJLhd:HQvft1Dokeqie
content/type: Rich Text Format data, version 1, ANSI
analysis time: 0.36 s
result: malware [80]
embedded executable: found

signature hits:

625: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
880: exploit.office embedded Visual Basic execute shell command Wscript.Shell
680: exploit.office embedded Visual Basic accessing file OpenTextFile
467: string.vbs On Error Resume Next
611: string.vbs CreateObject

