Cryptam // document analysis


Sample Details

original filename: 9c1578d600f7cabe44494c7d64276638.virus

size: 1184768 bytes
submitted: 2017-07-12 17:54:56
md5: 9c1578d600f7cabe44494c7d64276638
sha1: a01e8094dbf27f3b6a55e5738bbafd1f019b3c6f
sha256: 8fb38e8679c5a222b80cfc55362223ce3d582ae1731043a3cd16b121597b647b
ssdeep: 6144:zFxER/vep2wFvHGMIB6RSy7wISxwWx/aR0fNLhs5Gz86kWzeA8jPDNr7VR7u/cNz:EVGT2dsJxy2PGM07U19xXvDoZLSqFy
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.82 s
result: malware [22]
embedded executable: found

signature hits:

1176914: suspicious.office Visual Basic macro
1164439: string.URLDownloadToFileA
1179487: string.shell32.dll

