Cryptam // document analysis


Sample Details

original filename: imagenes785378.doc

size: 239104 bytes
submitted: 2017-09-09 11:24:22
md5: 63329416db33959d0846157fa8e69128
sha1: c44356f86c4e104c2cd35e3dbd178af1a4836d40
sha256: dc25316a804cb761d536ffaf7e1e18dc296b4f61bd1b1826fa4f2ded20f24b78
ssdeep: 6144:O/jqk5scX4SdQ6Gwv4YJfpUK7WnDnHiJ:kf4SdQ6GwDJBonHC
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 46.35 s
result: malware [42]
embedded executable: found

signature hits:

235230: suspicious.office Visual Basic macro
169273: exploit.office VB Macro auto execute
184919: string.URLDownloadToFileA
236940: string.shell32.dll

