Cryptam // document analysis


Sample Details

original filename: PPTTOOLS.PPA

size: 482816 bytes
submitted: 2018-10-04 19:05:25
md5: dac918f5da41d39c54b8f16ca8101d2d
sha1: 9fcec88faa3cf0b398a41a92a1452553a95f2101
sha256: 39f1a2cb5b3093f8f616c00e4d16d4286d5b401bffdcf833943ec8292255900c
ssdeep: 6144:1JG9YCqXJhF3UHNGnPJRR5BjTbN1TyoIrVKWEPG:1JC8FEAnPl5BjpIkW
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.99 s
result: malware [32]
embedded executable: found

signature hits:

43870: suspicious.office Visual Basic macro
341643: string.GetModuleHandleA
341155: string.RegOpenKeyExA
341331: string.RegDeleteKeyA

