Cryptam // document analysis


Sample Details

original filename: 7c1f2825ea49d1f83ff83e0d6eb62025.virus

size: 70656 bytes
submitted: 2017-07-12 17:52:30
md5: 7c1f2825ea49d1f83ff83e0d6eb62025
sha1: db471d731dfdb1efecd548ecc36f252fbb994fdf
sha256: e383a41082416f0842247c895e9823d9de910c1d47f616cb950f34dd2ef89f39
ssdeep: 1536:xRB5UlvyErOaJ5+KtO11gxv7yZmspH7+cclKiEZClsQ6NqTBun5oKcg4pGC3/8Wn:x1gxv7yZmspH7+cclKisQ6NqTBun5oW+
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.39 s
result: malware [52]
embedded executable: found

signature hits:

47327: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
47911: exploit.office embedded Visual Basic execute shell command Wscript.Shell
62162: suspicious.office Visual Basic macro
44617: string.vbs On Error Resume Next

