Cryptam // document analysis


Sample Details

original filename: c35e96019edbfc8cc5a11f7534770328f582386eae72904eb1cd3b032a0bae12_Terminotix_Toolbar.docx

size: 700108 bytes
submitted: 2018-06-16 14:26:35
md5: 737058df48f1f316faa77dfc8db53b4d
sha1: f97d8c6beb3f7e9d412da5751d16604134a9ee17
sha256: c35e96019edbfc8cc5a11f7534770328f582386eae72904eb1cd3b032a0bae12
ssdeep: 12288:nlJxkY0a+g2hY8d9H+hXuT4qWzyRfJMLWTuRZhvFfTgbz/rvrJeYm8A:nZko8d9H++4qW2CW2ebrI8A
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [102]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 73405fec88cebc9047c1ffd8e956dd8b
vbaProject.bin.441968: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.614308: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.636634: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.620758: suspicious.office Visual Basic macro
vbaProject.bin.639852: string.GetCommandLineA
vbaProject.bin.399889: string.user32.dll
vbaProject.bin.482083: string.GetMessageA
vbaProject.bin.529124: string.vbs On Error Resume Next


Dropped Files

vbaProject.bin at zip
md5: 73405fec88cebc9047c1ffd8e956dd8b
sha1: b3d9a01e437b7582030f085a3343f06a14e381ea
sha256: 2b1a77cc1cc052fc267d3639515ec62c0f010767d3b9dc087232b6b1c7c40d68