Cryptam // document analysis


Sample Details

original filename: vbaProject.bin

size: 4658176 bytes
submitted: 2017-10-07 22:14:52
md5: dcfd8fe0adf31356774b468d23f2ec32
sha1: 38db4f96a4fd55f4233fd549a45452fea0c3b191
sha256: d9306ae4ff7c5c7515d0a17ca8997bdaae39feff728f3f3124a1bcd5a459c66a
ssdeep: 24576:o4w6g1hjW9rpRX+7WWQNJA/f+akmzIIkbBNv+i79fcWIUbfunbm/HLvfxqivAdXB:5n9NRXfvVrBzbbfybGHLIqiTC+bqiTC8
content/type: Composite Document File V2 Document, Cannot read section info
analysis time: 727.12 s
result: malware [70]
embedded executable: found

signature hits:

11636: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
672019: exploit.office embedded Visual Basic execute shell command Wscript.Shell
3725370: string.shell32.dll
2059475: string.vbs On Error Resume Next
2100909: string.vbs CreateObject

