Cryptam // document analysis


Sample Details

original filename: vbaProject.bin

size: 44032 bytes
submitted: 2017-05-14 18:33:01
md5: fbcc65ee5b6a5762b50cd7d1197430d0
sha1: 8e647c660f4b3a1db5fa239b35cf630a6b69c933
sha256: b37cd11b9eaac9b06a05556ad780de2feed53a8bb02ab94c3c7e1e22c28f569b
ssdeep: 768:T8auU6fE9UbQvpqIu9RL+6liNih7QQxkFFXwnf:TKM9UbQx+1Yih7QnFFXwf
content/type: Composite Document File V2 Document, No summary info
analysis time: 0.44 s
result: malware [52]
embedded executable: found

signature hits:

31766: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
41451: exploit.office embedded Visual Basic execute shell command Wscript.Shell
35600: suspicious.office Visual Basic macro
24896: string.vbs impersonationLevel


Strings

raw strings
decrypted raw strings