Cryptam // document analysis


Sample Details

original filename: e5d43ca7c85d50152283316adc8c94881a825097e5f3d44617db0511cdb70b3a.doc.bin

size: 532480 bytes
submitted: 2017-07-12 12:12:12
md5: 5821c009789b40df5ac9aa44a316f9fb
sha1: 43eadd6d5b8cb3a5899ad7cf95f94369cf0bb0ef
sha256: e5d43ca7c85d50152283316adc8c94881a825097e5f3d44617db0511cdb70b3a
ssdeep: 12288:UXP0K4hcaxJc9KmArzXIgqPIaeTs6r8zt3G9KmArzX/N9wy:CP0LhXxJg8Xbs/nt3q8X/
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.72 s
result: malware [42]
embedded executable: found

signature hits:

523020: suspicious.office Visual Basic macro
488975: exploit.office VB Macro auto execute
509015: string.URLDownloadToFileA
525568: string.shell32.dll

