Cryptam // document analysis


Sample Details

original filename: 5e5dab9a478e46ab7744197739b8cfa8

size: 130560 bytes
submitted: 2017-09-09 06:23:20
md5: 5e5dab9a478e46ab7744197739b8cfa8
sha1: 34b5022b46a568707159d72b61afd2bae27e1858
sha256: c8c9893826753eeabfc0f1da3a98e57391a85e80591b10b66e937ba5a6022ddb
ssdeep: 1536:Rf+35v8RKHmT2W35N8O11Hv+KAPHSIQGwdAo8NpezxSv0i6n9/j6vqMo5wV+:NZKOZrmKYHIA+xTEvxww
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 36.44 s
result: malware [22]
embedded executable: found

signature hits:

123154: suspicious.office Visual Basic macro
26231: string.CloseHandle
26199: string.CreateFileA


Strings

raw strings
decrypted raw strings