Cryptam // document analysis


Sample Details

original filename: Bo Ta Ong Lon 2.xls

size: 4472832 bytes
submitted: 2017-07-12 11:32:02
md5: f66f1183abb3ca804d91b8df2ed7cb76
sha1: d93f078ff8a4886521d4cfd2c34381fdc242298a
sha256: ca0f2e93cdaaceac2ccf4064ebf47b0089c5ae3a99dc7481e5eb6d227fc5713d
ssdeep: 24576:HC15ThOnEXy4Kt+DHOFH6UBVVhr0cp0BuLeqn7KSWwsGlJc:0h4B+of3AgT7KZwVlJc
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 16.12 s
result: malware [42]
embedded executable: found

signature hits:

4344849: exploit.office embedded Visual Basic execute shell command Wscript.Shell
4411614: suspicious.office Visual Basic macro
4425492: string.shell32.dll
4323261: string.vbs On Error Resume Next
dropped.file vbs 252bdccf6c394efde16f22d646576612 / 413656 bytes / @ 4059176


Dropped Files

vbs at 4059176
md5: 252bdccf6c394efde16f22d646576612
sha1: a6cabf8c930dbf04d6de5f4092802c5842fbda32
sha256: ea1adc2b5db1647e7ebb674d3c7604403b66a065c60612a4f0153f91a8a5f28a