Cryptam // document analysis


Sample Details

original filename: 09 NHA BAO VE.xls

size: 3364864 bytes
submitted: 2017-09-09 10:50:49
md5: 114e70bc481242bdc1ab71b0800b258b
sha1: 27bb1db02f98e57891483bc23f0b398973908f06
sha256: f58582b883718a3587d66e95e61bbfb17a352fa1afeacbb53e107432af678fde
ssdeep: 12288:y9x15wo2mtQncJ0poQotSIdWOrItj3oT8417I2CNcC0H6W8Gm45Y8hNt+mj/y0Cr:Ax15LP5SItEVIXauyHY18qj91Q
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 403.89 s
result: malware [32]
embedded executable: found

signature hits:

3167360: exploit.office embedded Visual Basic execute shell command Wscript.Shell
3294430: suspicious.office Visual Basic macro
3310160: string.shell32.dll


Strings

raw strings
decrypted raw strings