Cryptam // document analysis


Sample Details

original filename: GLM_DUTOAN_NHA AN_2017-06-16_OK.xls

size: 2578944 bytes
submitted: 2017-07-12 11:02:21
md5: c9a28c78364777660f73e19801bdc82d
sha1: cde36fd6617accd6f1e7c9abc76b2e95276771f3
sha256: fd0f839bfaf9f14a253e31f3c9508a8ffa5ec1ef9db82b3cf0d330ce5be448bb
ssdeep: 12288:qvLx15Wb649K9d2345S6O5d23vuVgH0pU41SiG1VYUgU21MKkhXrRoQ6bVxSaRsb:gx15IgmgCdZuXVKvSl3Wlq
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 3.33 s
result: malware [42]
embedded executable: found

signature hits:

2438025: exploit.office embedded Visual Basic execute shell command Wscript.Shell
2535134: suspicious.office Visual Basic macro
2221494: string.shell32.dll
2252861: string.vbs On Error Resume Next

