Cryptam // document analysis


Sample Details

original filename: zytl.txt

size: 114128 bytes
submitted: 2019-06-13 06:06:48
md5: 03d7efadbaec03535b624fff2f17c4b0
sha1: 12861e7c1273237898ea50aa636669e6c31b8e7b
sha256: 4e72ea3298db63c7f1a634e4a643e7d3b60417b7d572d8096d7c1efa3c4d248d
ssdeep: 1536:syLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsQSz:syfkMY+BES09JXAnyrZalI+YQ
content/type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
analysis time: 0.48 s
result: malware [50]
embedded executable: found

signature hits:

113748: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
114071: exploit.office embedded Visual Basic execute shell command Wscript.Shell
113734: string.vbs CreateObject

