Cryptam // document analysis


Sample Details

original filename: vbaProject.bin

size: 380416 bytes
submitted: 2017-10-07 20:00:11
md5: 0ecaa48aa99b02cc41a1bf7168d23fbe
sha1: 2232761cda9cae81ef9f7f123cd354457f6fa07b
sha256: fabe4053cb2c5dc8f959ab6e0c8372f6119cbf353182fd3bef32ecd5c92280f4
ssdeep: 6144:Fl5BKKmAJX7ojgvtokMhiRHi2X5T+r2FGFirWw826JaSS3qotfx/J5VaBCmJOB:Fl5MWJXykc25/MFirWw826JaSS3qkfxV
content/type: Composite Document File V2 Document, Cannot read section info
analysis time: 36.38 s
result: malware [32]
embedded executable: found

signature hits:

63250: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
237782: suspicious.office Visual Basic macro
65053: string.vbs On Error Resume Next


Strings

raw strings
decrypted raw strings