Cryptam // document analysis


Sample Details

original filename: rt6.doc

size: 103936 bytes
submitted: 2019-12-19 22:00:38
md5: 7f06fe0374ee77ebcac1adcbd584ba68
sha1: 11fa3ac12d53d73f552d949a04ad3ab4f00cc0e1
sha256: 73057aa6ab03fc75be12ee33592348bf187ba086aa9a18d6eb7b26b9eb378daf
ssdeep: 3072:ok0oWK6yGryPgfKvNgihlnGzt+UoIQ8HNukc:okdyNK
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.73 s
result: malware [42]
embedded executable: found

signature hits:

83192: suspicious.office Visual Basic macro
11014: exploit.office VB Macro auto execute
26431: string.GetModuleHandleA
26451: string.GetProcAddress


Strings

raw strings
decrypted raw strings