Cryptam // document analysis


Sample Details

original filename: 10. he thong pccc va chong set.xls

size: 3596800 bytes
submitted: 2017-07-12 09:44:02
md5: 169d6de343bb2ede2f7d89dd6297e23d
sha1: 06c06555e18ffecc03e44df92435a351d3de8637
sha256: ed56269de37a0d6337ae805a473e5356393d4b891b54bd8c3a054aa48c93a08c
ssdeep: 24576:aduvvPkC15NjtomBIwfL0sQhb/Uv45as0xMmwIUD:aQvlhTQFr3iMmwIk
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 4.83 s
result: malware [42]
embedded executable: found

signature hits:

3468817: exploit.office embedded Visual Basic execute shell command Wscript.Shell
3535582: suspicious.office Visual Basic macro
3549968: string.shell32.dll
3447677: string.vbs On Error Resume Next
dropped.file vbs 9bb12b040e674d13dd57f2abfcc8756a / 412632 bytes / @ 3184168


Dropped Files

vbs at 3184168
md5: 9bb12b040e674d13dd57f2abfcc8756a
sha1: 4ba9d898e8b3b1216da5ec4a62329b2007c99961
sha256: 8a3d5914795ff73c0629dd9ac7f76276e057f2d01b688cdf5251def46b4166ae