Cryptam // document analysis


Sample Details

original filename: cade2c85af9cd20d09cd2cf40e797ca9.virus

size: 142848 bytes
submitted: 2017-08-08 08:45:16
md5: cade2c85af9cd20d09cd2cf40e797ca9
sha1: 6b4dfc9328313234db8f96b9d9bb9f15e7850385
sha256: fb7ef2bf3162a8f2b89a8b6a45839e3787f7d7fdc17e6a522e5769f7b84cd000
ssdeep: 1536:4fffig5jV1Vvc08qF5e+9nLf3HFbe28v5DvDISsqI9PQX9SaQLyesfy71BxoPRC+:OW9gv7rTWVbrzU7ITkcd2JtXwa5kJd
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 3.08 s
result: malware [72]
embedded executable: found

signature hits:

84856: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
85440: exploit.office embedded Visual Basic execute shell command Wscript.Shell
91933: exploit.office embedded Visual Basic accessing file OpenTextFile
130316: suspicious.office Visual Basic macro
82146: string.vbs On Error Resume Next
dropped.file vbs 74d27f45e05802afbf84a271739477cd / 19998 bytes / @ 88546
dropped.file vbs 96b400803689181178276f029bc41e5a / 34304 bytes / @ 108544


Dropped Files

vbs at 88546
md5: 74d27f45e05802afbf84a271739477cd
sha1: 06a2543952ba84138ff72c55b9d2c9d1046d2562
sha256: 94550d9dc4cfdf233e21819c1c7a321a5f2ebd207da435435b5a431e6103ec77

vbs at 108544
md5: 96b400803689181178276f029bc41e5a
sha1: 6ed601f2af258c68e2e16305359834ed3439b7dc
sha256: 87e807eea692ccfcf61ac0e76616e5e26c5a47be05b8b2f86c9ac24f3f0d378e