Cryptam // document analysis


Sample Details

original filename: vbaProject.bin

size: 494080 bytes
submitted: 2017-06-14 07:37:03
md5: 098d1154f8547d04db6d709cf2d6c5ae
sha1: fce3b6fd6f9235129dd45e31c173b67b249188c0
sha256: abc119fcce5122fe70e28e7973ca5de5d60f567ec035437d3e02606a75e9a483
ssdeep: 12288:w2YCIR3AEe88tCuJEuxWvSTSMWu02ER9RzAit8vXXvc:w9zpojJEkWw02ER9RzAiqvXXvc
content/type: Composite Document File V2 Document, No summary info
analysis time: 20.12 s
result: malware [52]
embedded executable: found

signature hits:

376468: exploit.office embedded Visual Basic execute shell command Wscript.Shell
420116: suspicious.office Visual Basic macro
347503: string.LoadLibraryA
347366: string.CloseHandle
158570: string.vbs On Error Resume Next

