Cryptam // document analysis


Sample Details

original filename: Labels.xla

size: 723968 bytes
submitted: 2017-08-08 10:43:06
md5: bcb76db9fca498b968fe49a6a0e1c628
sha1: e6d360caed13817c0d07d08f115bf9a96bbcb08e
sha256: a191b62d1a8d898f45c70f1bb4db039bd083105da33743968a127ff7fe366825
ssdeep: 12288:xGpFaWC9D0cRd1hbpiUQc8D8btndNztUHd6w0amDN0CTZLcmslpeY/jh9ZQg17cj:xQFah9RRdbPQc8D8bpdNmHd6w0asN0Cl
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 26.68 s
result: malware [82]
embedded executable: found

signature hits:

218212: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
179734: exploit.office embedded Visual Basic execute shell command Wscript.Shell
568796: exploit.office embedded Visual Basic accessing file OpenTextFile
555742: suspicious.office Visual Basic macro
206423: string.URLDownloadToFileA
284033: string.vbs On Error Resume Next

