Cryptam // document analysis


Sample Details

original filename: 11. He thong cap thoat nuoc sinh hoat.xls

size: 3744768 bytes
submitted: 2017-07-12 09:43:55
md5: ba5a406d161f3780e9d4d5b8ff9e74c6
sha1: 6ec29b10c6f5132fc83b7f98b56c36c7826e97d9
sha256: 9a527966b9fe5440ca9880d622e84aca37645bd34060b84dbd16cca521375930
ssdeep: 24576:nduvvQoC15zNaCB4IBPANfQMq7UYB2UEJ1w:nQvnBJm2UEJK
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 5.99 s
result: malware [42]
embedded executable: found

signature hits:

3616785: exploit.office embedded Visual Basic execute shell command Wscript.Shell
3683550: suspicious.office Visual Basic macro
3697424: string.shell32.dll
3595133: string.vbs On Error Resume Next
dropped.file vbs 15dd0df317c643a92e09b103bfa7c2d2 / 413144 bytes / @ 3331624


Dropped Files

vbs at 3331624
md5: 15dd0df317c643a92e09b103bfa7c2d2
sha1: 589f4b9f9612e9c45014f8e1d5dfaa0925ce2104
sha256: 59d91b947686ee1e3b1eb1656b43ef533fc0988a2c37fbd18cad60005b499d69