Cryptam // document analysis


Sample Details

original filename: 2.xla

size: 4778496 bytes
submitted: 2018-08-18 08:45:44
md5: d96f445bab36f236b0024778d57cafb6
sha1: e25a27f2fe6d84da04cde1b86ca4d0676f049d61
sha256: 0ae51f6d0d357d4fa084d7348b8df33040bcf56a159872d6943debaac1959c38
ssdeep: 24576:jWt5+QOlqO5A+d6L3nqnEJ2TCalD6jDU9li7trGXxp2MfPNEM/TJnwKdERh03D+K:Sv+Qgtg3z2Tx6tzMPNEM/TlKASs
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 7.52 s
result: malware [32]
embedded executable: found

signature hits:

4696346: suspicious.office Visual Basic macro
4438719: string.GetCommandLineA
4438651: string.RegOpenKeyExA
4438615: string.RegDeleteKeyA

