Cryptam // document analysis


Sample Details

original filename: 852dd1da3e8bfea2a9b9d9184e9435d9

size: 1213440 bytes
submitted: 2017-09-09 07:24:25
md5: 852dd1da3e8bfea2a9b9d9184e9435d9
sha1: b29b55ef46c6c2dbc7a2fe1aba5d9e0cd300e280
sha256: ec99632310813a4567ad678890e47a64c013750dc525c3d6bed3400152cea074
ssdeep: 24576:g4W9KrZjxtTC1vKCVw4VY3gsbRHUOqFxIL2wOU3CAUM/YhfVRMnk:gSdVAKGqbRHxAxW2wX3H+L
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 301.83 s
result: malware [52]
embedded executable: found

signature hits:

1187858: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
1188442: exploit.office embedded Visual Basic execute shell command Wscript.Shell
1199348: suspicious.office Visual Basic macro
1185148: string.vbs On Error Resume Next

