Cryptam // document analysis


Sample Details

original filename: GLM_DU TOAN_HT CHONG SET_2017-06-16.xls

size: 2768896 bytes
submitted: 2017-07-12 11:03:03
md5: e457fabe1a22cb77aaaed55230713cf2
sha1: 4dcf8079a5171a908958134912056159abc14607
sha256: a3995fc365dd8c94ff7ebefec77913e78109d1eb7192c3cce5cf9164b2b94708
ssdeep: 12288:0FVx15jkDQN2NQ/jZMEkg2pJ0BUkzbn4quKcjvoWWRQDrLz7nrzG0pwWQcZje9DD:wx159YSwcRWftZK9DWysiAm
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 4.11 s
result: malware [32]
embedded executable: found

signature hits:

2551928: exploit.office embedded Visual Basic execute shell command Wscript.Shell
2702558: suspicious.office Visual Basic macro
2286151: string.shell32.dll
dropped.file vbs a04c688b40e07289169c8136156e20e4 / 435545 bytes / @ 2333351


Dropped Files

vbs at 2333351
md5: a04c688b40e07289169c8136156e20e4
sha1: d9ee7b6bf75fa2a6e74ae35be17e7b4ff03c1af6
sha256: 17942c617dc2863cd7e92f8df9d82b4eb5ec06a3cf5b3da4181d8eb645ed8ed6