Cryptam


Recent document malware detections. This list is delayed by 5 days.
