Cryptam // document analysis


Sample Details

original filename: 9361e12b1435a12b13ef4824ac9896a7.virus

size: 318464 bytes
submitted: 2017-08-08 10:27:07
md5: 9361e12b1435a12b13ef4824ac9896a7
sha1: 57c103e5be9dbd6e7d617e7d13d9d1d0017fc1c2
sha256: d3b58ed9ec3b730396dee16552a2d4d03272233caafc4291c958c83d00d6d939
ssdeep: 6144:TU540uqp6NquL5XAqVw/P46vxFClwyccCYBQAZSy9yfjY5bBqlE:TU5T3Gy/P4ACmBpWSrfUklE
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 11.20 s
result: malware [82]
embedded executable: found

signature hits:

222368: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
222421: exploit.office embedded Visual Basic execute shell command Wscript.Shell
293850: exploit.office embedded Visual Basic accessing file OpenTextFile
297162: suspicious.office Visual Basic macro
267415: string.CloseHandle
221118: string.shell32.dll

