Cryptam // document analysis


Sample Details

original filename: du toan ong nuoc su dung lai.xlsm

size: 1472315 bytes
submitted: 2017-09-09 11:24:24
md5: fe1d3effab6c375b77ec171246968f83
sha1: 8dbe61140a9fc9b0a5dedba33739e8bd901768f5
sha256: beb92ea6d18a24a46c681ce7e390af4df7e478d33b30288f64f08aa135161c21
ssdeep: 24576:c7Q0AdQEC40Gafv0Qj0Q4WOVCK/uTFfTLXKKVV1KfojgYc:cQ240GgPj0Q4WOr/YTLXP1KfCTc
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [32]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 231e015ed1507725ec47e8cc506104e0
vbaProject.bin.492664: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.614110: suspicious.office Visual Basic macro
vbaProject.bin.630008: string.shell32.dll
vbaProject.bin.dropped.file vbs 85f0fc267781c59cb558a55b38e0948d / 536248 bytes / @ 140616


Dropped Files

vbaProject.bin at zip
md5: 231e015ed1507725ec47e8cc506104e0
sha1: 15aca5352f97b1925e19acece9be750c5c13f67e
sha256: c08893b039e9e7db8370a66ca24efdf7f5b8c7075659fdebcf14f9c533790760

vbs at 140616
md5: 85f0fc267781c59cb558a55b38e0948d
sha1: 79a970fdad1ac5d0f6963e715c56dfa76b6339d3
sha256: 5e901981380ee00ac7429582112fb4071fc784373620e755d6135d6f274dce5d