Cryptam // document analysis


Sample Details

original filename: be964dd4d441534ceceae3cadc92506c.virus

size: 333824 bytes
submitted: 2017-06-14 05:07:05
md5: be964dd4d441534ceceae3cadc92506c
sha1: c35b2f15cdd7e2c542f32455d6055de1b562381a
sha256: 99b350d2bc6c59ba012038aa8a2e102b4b313279259d87cb9bf3424de8a50f93
ssdeep: 6144:GQn6c78Rmv1Jx57aZMmC60KDWm8AETgQEHicteEbh6Hk4v2K61WExiQ1WCV6rs:7EHbnR
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 7.43 s
result: malware [52]
embedded executable: found

signature hits:

285004: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
285588: exploit.office embedded Visual Basic execute shell command Wscript.Shell
325402: suspicious.office Visual Basic macro
282294: string.vbs On Error Resume Next

