Cryptam // document analysis



Sample Details

original filename: 1c7112f7330410d69014ffbe390598bb.virus

size: 272896 bytes
submitted: 2017-07-12 17:55:28
md5: 1c7112f7330410d69014ffbe390598bb
sha1: f1fdb5ba967321373b75c208231551fa8bd8d304
sha256: 9e0e47c16d1731460ca04d3749a12bcd15ae0f71e84f82e877102d1bee2ca211
ssdeep: 3072:wEptlZxCd1YTYSAY6SYvYDYvYXYIUDUreYFCkEoi/ieWvvPoROUVWfcjTxh1eyeV:wEwIaggROUVnXxuyeeefKMetG3VDEK
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 8.03 s
result: malware [12]
embedded executable: found

signature hits:

265682: suspicious.office Visual Basic macro
263224: xor_0xfd.not.string.vbs On Error Resume Next


Cryptanalysis


key length: 1 bytes
key:

zero space not replaced: yes
entropy: 100.00%
bitwise not: yes


Strings

raw strings
decrypted raw strings