Cryptam // document analysis


Sample Details

original filename: 37205ef2b028552ff99d6d759f20a054.virus

size: 805888 bytes
submitted: 2017-07-12 17:43:27
md5: 37205ef2b028552ff99d6d759f20a054
sha1: 870758cf64165da40b0331e7b64e2facf95bed5d
sha256: 93535d95c9c8cb9158ea8c235baa1e5ca5955592bef0e4f2810b3addbc72eedb
ssdeep: 12288:xIo0wLVODI8E265CsClu9d/A6x/jg41l1JHaqj+wQG76YHWqvipRMTSJiA70Lpbk:XLVwI8Bl69Ag7g41vdhiG+bAb1
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.77 s
result: malware [22]
embedded executable: found

signature hits:

800978: suspicious.office Visual Basic macro
691319: string.CloseHandle
691287: string.CreateFileA

