Cryptam // document analysis


Sample Details

original filename: e97c7f8ec22eb1e9312d4d33d9d412a2d42b294e5285b29cf085eae9a23b521d_word_sample_20180820031943.doc

size: 32256 bytes
submitted: 2018-08-22 06:01:17
md5: a77ac5ed29a87244fbb943f90017a5f7
sha1: 66c18a7c235a0848124cf1aeda49776eb4c22a26
sha256: e97c7f8ec22eb1e9312d4d33d9d412a2d42b294e5285b29cf085eae9a23b521d
ssdeep: 192:FxljZEvA5w6/6rrILd/Kf3HO8tnjIqE6My0j8VRotAPGEPxSkzrEq0CrZq6a:9MiSUR/8dn5ey0j8Dot5ENVno
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.50 s
result: malware [72]
embedded executable: found

signature hits:

28693: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
28904: exploit.office embedded Visual Basic execute shell command Wscript.Shell
23766: suspicious.office Visual Basic macro
10666: exploit.office VB Macro auto execute
28882: string.vbs WScript

