Cryptam // document analysis


Sample Details

original filename: iBungee_Data_Feed.xls

size: 5059584 bytes
submitted: 2017-08-08 11:45:10
md5: ea896a87f11a096eaae87d21913c3079
sha1: ba3e3492ac6a5ab4a45add5feecfdc37db79fb6c
sha256: e7b00747449c4e38b60866b3937f9c36762af236be7a08b045ad79a25082d180
ssdeep: 49152:csoi7aZOHVJnAD3ngccbTcfLTZVj6c9RSwtJfpoXDs5r:cXr8dKcUf6uSxs5r
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 146.50 s
result: malware [62]
embedded executable: found

signature hits:

1499771: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
2712274: suspicious.office Visual Basic macro
2320732: string.GetSystemMetrics
2428223: string.URLDownloadToFileA
2319344: string.shell32.dll
1577118: string.vbs On Error Resume Next


Strings

raw strings
decrypted raw strings