Cryptam // document analysis


Sample Details

original filename: GLM_DUTOAN_SAN DUONG NOI BO_2017-06-16.xls

size: 2365440 bytes
submitted: 2017-07-12 11:12:46
md5: 2d5033e4250e082b8dff03d1e4a9bb21
sha1: 34c32e06276a6d403459c76c4cd207746dd428ca
sha256: d1f8a3e377c95617c6ce6f8136a17922887ee80edce8dd6156c9d96cd54ca17f
ssdeep: 12288:aAWx15WY280CyxMqu31WgU2lA3kCwrYgQUhV4jRDs1H4Vo42xURtgVfluqF8nWNf:Gx15n2EHvOV0yg488nwDJT
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.97 s
result: malware [42]
embedded executable: found

signature hits:

2223700: exploit.office embedded Visual Basic execute shell command Wscript.Shell
2321630: suspicious.office Visual Basic macro
1999365: string.shell32.dll
2035069: string.vbs On Error Resume Next

