Cryptam // document analysis


Sample Details

original filename: printerSettings.bin

size: 2235904 bytes
submitted: 2018-04-11 17:38:30
md5: e2e9fdd3a1baec065c5f392497232200
sha1: 7647a004f251c57a2340ea4c6fb06db14c1253c8
sha256: d937d357456d89c681b22c9af88a514d1c87259a0af9461a376150b34410675a
ssdeep: 24576:omHxH/+nJkXiq29eoY5V0bnZ4gtq/9+JCLf4LcuXZdAZe0bmURnLuptLGNLm:rHxHGkXiq2L7Z4Uq/
content/type: Composite Document File V2 Document, Cannot read section info
analysis time: 337.35 s
result: malware [42]
embedded executable: found

signature hits:

1884442: suspicious.office Visual Basic macro
254641: string.GetSystemMetrics
247188: string.URLDownloadToFileA
209023: string.user32.dll
97774: string.vbs On Error Resume Next
dropped.file vbs 3670ddfe11a379b27c23a919335ead89 / 872020 bytes / @ 1363884


Dropped Files

vbs at 1363884
md5: 3670ddfe11a379b27c23a919335ead89
sha1: 3e7271babcd97f94e698e380c4c3f5a3b5dacc2c
sha256: a6f334d9fb08e4865f2227d75edd8fc371f9b2a7f89315cd8f43c803e6f95cd1