Cryptam // document analysis


Sample Details

original filename: Labels.xla

size: 647168 bytes
submitted: 2017-08-08 10:34:14
md5: a0a8e880b4ae7eea9f6a35915e45b8f6
sha1: d0f0f7c0d291d0d299106ef80659cf757ab52c48
sha256: b0ec60e3a057080a11ab9f5e63851461df44f89b6341abdee60071ebd5a699fc
ssdeep: 12288:RSzqWGidGhhgnXEG7tnTiF6vXqHqtfrCvy9/YBH13mYec3t1c1h7aIUkUbgf8NpA:RSzjGidggnXtpTiF6vXgqtfrCvyaJWcc
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 8.47 s
result: malware [82]
embedded executable: found

signature hits:

219691: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
174442: exploit.office embedded Visual Basic execute shell command Wscript.Shell
501102: exploit.office embedded Visual Basic accessing file OpenTextFile
488146: suspicious.office Visual Basic macro
207959: string.URLDownloadToFileA
259610: string.vbs On Error Resume Next

