Cryptam // document analysis


Sample Details

original filename: 67a97b629d86511452a4c1900ef8eb8053c40d7e1de6bed1e65925f64a113212_memo03Ver.2.01.xls

size: 242176 bytes
submitted: 2018-06-02 09:14:47
md5: 2948690db1a4e9940ae8b6aced02e8d8
sha1: a7a22521940ee3b06533b7f47b9ffd0e7be8d383
sha256: 67a97b629d86511452a4c1900ef8eb8053c40d7e1de6bed1e65925f64a113212
ssdeep: 6144:25+5sNdUrE6jRtgBQ7uLP5mDF0RQYnct+rFGGRD2/p:2LY
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.79 s
result: malware [22]
embedded executable: found

signature hits:

113384: suspicious.office Visual Basic macro
69171: string.GetModuleHandleA
76019: string.RegOpenKeyExA


Strings

raw strings
decrypted raw strings