Cryptam // document analysis


Sample Details

original filename: Invoersheet-P2_38B75.xlsb

size: 2606480 bytes
submitted: 2017-05-14 21:32:06
md5: de9a045ef4b7d563eec3f5ec02f888da
sha1: 414862d51df7c02b88b1a6c0cea250836b56d932
sha256: f68c0e1d8e7568d58112c2d792b8b260f2892ed7fa8ef55c8578bcfa3b10dfeb
ssdeep: 49152:horhsugmpngdEMXRQ84Flt8DORD2L78sZxNC0gsyoYj9FJu5+orJ6G+rVyFv9/:apgmpgdtQ84FnZRSLY8NClsyoYjMHrlF
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [82]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 278173e9086c9c233307e05deb9cb41c
vbaProject.bin.136352: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.182518: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.1484317: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.1463538: suspicious.office Visual Basic macro
vbaProject.bin.1313891: string.URLDownloadToFileA
vbaProject.bin.443664: string.vbs On Error Resume Next


Dropped Files

vbaProject.bin at zip
md5: 278173e9086c9c233307e05deb9cb41c
sha1: 6ed63cf39bb2cc2a7596413ec693f8b9ca450ca4
sha256: 5efeb60622c22c7299ae9c555b35e3aaa741d00f4982406dca5c2c16f50c0007