Cryptam // document analysis


Sample Details

original filename: ee5d8d12e83f273e52b2d5d8651632328ff6d9414d2bd7b61b857e66593a74cb_ryuoh-buppin.xls

size: 539136 bytes
submitted: 2019-02-04 21:48:31
md5: 19e632ab642d5b2ba5fe1412eb2786c3
sha1: bd7f573af46dc0c2f7c298ca523648d64de2b742
sha256: ee5d8d12e83f273e52b2d5d8651632328ff6d9414d2bd7b61b857e66593a74cb
ssdeep: 3072:rZdAgDtiPFFW9ywnohKnIb7KMkfn2HufGJW0Cu4SEiWkdjQJh0mwWD24a4WbXZl7:1DtKD1wnohK0qo4wfF/LPKtlx+7o
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.78 s
result: malware [12]
embedded executable: found

signature hits:

521480: suspicious.office Visual Basic macro
376639: string.vbs On Error Resume Next


Strings

raw strings
decrypted raw strings