Cryptam // document analysis


Sample Details

original filename: vbaProject.bin

size: 661504 bytes
submitted: 2017-04-16 05:42:01
md5: 2fee1cc0d9052a862e42fe1535e4cea3
sha1: 2bbcd1942242cb81239a2ddf1349d9867844aae0
sha256: 9041ddf0dd8c007a2c5b493d021775594c4b4448e49cd74e45109529ef44ea5e
ssdeep: 6144:9yNpD1pRffyIvjZ+cHuez4Fc3LhX0v3EsoJy29qQrPTAOELmDnE54J5t:QHDdfqJVezpLhkv3Mp9quTXELmDnE5E
content/type: Composite Document File V2 Document, No summary info
analysis time: 1.43 s
result: malware [62]
embedded executable: found

signature hits:

483607: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
483743: exploit.office embedded Visual Basic execute shell command Wscript.Shell
332439: suspicious.office Visual Basic macro
132348: string.URLDownloadToFileA
260379: string.vbs On Error Resume Next


Strings

raw strings
decrypted raw strings