Cryptam // document analysis


Sample Details

original filename: 83362d70133c748231d0fc383e2c1b94c9e47a6355b87ae3e396b14acce7676d

size: 1022328 bytes
submitted: 2020-01-31 19:40:22
md5: 0c0bb59fc15c946d14d3958a83d8eea4
sha1: 82b46226f67f6a1327c559aebef690f3dc74889b
sha256: 83362d70133c748231d0fc383e2c1b94c9e47a6355b87ae3e396b14acce7676d
ssdeep: 24576:Ce/Ba3lBdyrn8OKylWIGWSP6VPPGmYBfDGJEgS1To03:Ce/rGWSP6VPPGmYBfDGJEgS9o03
content/type: Non-ISO extended-ASCII text, with CRLF line terminators
analysis time: 2.38 s
result: malware [102]
embedded executable: found

signature hits:

281797: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
43009: exploit.office embedded Visual Basic execute shell command Wscript.Shell
405176: exploit.office embedded Visual Basic accessing file OpenTextFile
401232: suspicious.script potential active content
31758: string.shell32.dll
941904: string.KERNEL32
14501: string.vbs On Error Resume Next
281783: string.vbs CreateObject

