Cryptam // document analysis


Sample Details

original filename: vbaProject.bin

size: 322048 bytes
submitted: 2018-02-08 17:06:01
md5: 07a4b8397bc0839246fbb2ab5fec7416
sha1: 24e1f69835fccac8d276f5c2c3d0e0f9794ecafb
sha256: dd873ec66183aeed8ca99574a154c92150e92875266bd54a5b7396cb083857ad
ssdeep: 6144:4QkZfOlRclq2FxPfYCHf4oOC+J7lEiFFuDrMSyWLQorl3BhbLecdELuTh7/pF:HkUbspELUh7/pF
content/type: Composite Document File V2 Document, Cannot read section info
analysis time: 0.75 s
result: malware [42]
embedded executable: found

signature hits:

19645: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
263924: suspicious.office Visual Basic macro
277433: string.shell32.dll
186721: string.vbs On Error Resume Next


Strings

raw strings
decrypted raw strings