Cryptam // document analysis


Sample Details

original filename: vbaProject.bin

size: 676864 bytes
submitted: 2017-09-09 11:13:19
md5: 231e015ed1507725ec47e8cc506104e0
sha1: 15aca5352f97b1925e19acece9be750c5c13f67e
sha256: c08893b039e9e7db8370a66ca24efdf7f5b8c7075659fdebcf14f9c533790760
ssdeep: 6144:RJifExQhjM/7iBHW9jgJAYpU/EApd45QYfM:vtUYSW9UJBUGM
content/type: Composite Document File V2 Document, No summary info
analysis time: 98.05 s
result: malware [32]
embedded executable: found

signature hits:

492664: exploit.office embedded Visual Basic execute shell command Wscript.Shell
614110: suspicious.office Visual Basic macro
630008: string.shell32.dll
dropped.file vbs 85f0fc267781c59cb558a55b38e0948d / 536248 bytes / @ 140616


Dropped Files

vbs at 140616
md5: 85f0fc267781c59cb558a55b38e0948d
sha1: 79a970fdad1ac5d0f6963e715c56dfa76b6339d3
sha256: 5e901981380ee00ac7429582112fb4071fc784373620e755d6135d6f274dce5d