Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 filename size severity has_exe key_len rol
fb338a2510c85adefce40c91ec4f85cf 8fa814e232eff22e98bf2dd5278fe52ed9d899d1 146942 70 X 0 0
1673: string.This program cannot be run in DOS mode
35677: string.LoadLibraryA
34817: string.GetCommandLineA
34973: string.GetProcAddress
35547: string.EnterCriticalSection
34749: string.KERNEL32
29182: string.ExitProcess
dropped.file exe 1a174da5a80f69fe81ed91deeca1543b / 145347 bytes / @ 1595
454445d8007458f81af5222980d954fe khai toan cho tan thuan 10-8-2017.xlsm 1134035 32 X 0 0
embedded.file vbaProject.bin 992fbcc0afe67f98d180ec08f5a06504
vbaProject.bin.476280: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.603858: suspicious.office Visual Basic macro
vbaProject.bin.619714: string.shell32.dll
a2ad14edcf5e46ebd722c722e08d0182 /1/7/1/71e867008f0c72c1ef42bbe955e61cda0b038e84969f4c09799f34f561f41975.file 1272694 32 X 0 0
embedded.file vbaProject.bin 9091256309c096e756da8ee061cc658e
vbaProject.bin.476792: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.603858: suspicious.office Visual Basic macro
vbaProject.bin.619722: string.shell32.dll
e22947d8e51c7f20e97d40142d6b3e27 exp_ThuAug100325522017c5828c49c33c5123ea9686ac44c968810920b.exe.doc 388674 12 X 4 0
5582: obfuscation.office RTF embedded Word Document
298820: string.This program cannot be run in DOS mode
dropped.file exe 0d158501d183b8d892ca1df8294c8a67 / 89932 bytes / @ 298742
984455c9192ad89c6fec5200bb87b324 /1/d/d/ddfdcca4fc22eb646d208cf3627bcd96b5fc52bea7f9a85dbe0653344012bbcb.file 7085402 94 X 0 0
embedded.file update.vbs.txt 63fe4da114798730bc4163b05c55b7f4
update.vbs.txt.503: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
update.vbs.txt.121: exploit.office embedded Visual Basic execute shell command Wscript.Shell
update.vbs.txt.977: exploit.office embedded Visual Basic accessing file OpenTextFile
update.vbs.txt.17: string.vbs On Error Resume Next
update.vbs.txt.99: string.vbs WScript
update.vbs.txt.489: string.vbs CreateObject
embedded.file D53X1056.6DF 3618b9e13674d9bb635a160dd7036fdd
embedded.file USF_FIT_VALUE_FRAM_1056.DAT d19f4be41ac629dcb003e8a9749af86a
embedded.file USF_SUSP_VALUE_FRAM_1056.DAT a360e10750fe35d51771d485aa64446f
embedded.file USF_CPUM_0221.MHX ee933990a95e6fdb70af39593a78ff1b
69fc359695966bd95b9ead388c8a76aa 293fda3af373d211e6b9fc05cd54f673d22913ca4f8130d836cf8953c27c6876 1116957 32 X 0 0
embedded.file vbaProject.bin 3ca7a4d48a34ef8427e481fafa1f24e3
vbaProject.bin.966949: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.1443554: suspicious.office Visual Basic macro
vbaProject.bin.1113300: string.vbs On Error Resume Next
389a49bacc725e3b1b810ad1ef0bee53 exp_ThuAug100316012017c582858ff4e7a696dcf99391aee2eb8eb83f0.exe.doc 384578 12 X 4 0
5582: obfuscation.office RTF embedded Word Document
322096: string.This program cannot be run in DOS mode
dropped.file exe 1b25e0e6aa50f35641f2248e3fb7fc2a / 62560 bytes / @ 322018
283847136455336b6effb987aa07d4da /1/b/5/b55cd4c07c4cfc03ab71d686b9f5470f6865db87f0c6f9e22af934199557c15d.file 4795590 520 X 0 0
embedded.file Microsoft.Practices.Unity.dll 6cf12122d85e800592947c99811b3824
Microsoft.Practices.Unity.dll.78: string.This program cannot be run in DOS mode
embedded.file SQLite.Interop.dll cc14bb6dc2321e93dc4c629e665efb12
SQLite.Interop.dll.78: string.This program cannot be run in DOS mode
SQLite.Interop.dll.892056: string.LoadLibraryA
SQLite.Interop.dll.1022672: string.GetCommandLineA
SQLite.Interop.dll.892336: string.GetProcAddress
SQLite.Interop.dll.1022090: string.EnterCriticalSection
SQLite.Interop.dll.892824: string.CloseHandle
SQLite.Interop.dll.892808: string.CreateFileA
SQLite.Interop.dll.1022440: string.KERNEL32
SQLite.Interop.dll.883155: string.ExitProcess
embedded.file System.Management.dll f8b5ac4e0cf5a355445acbcba53b6670
System.Management.dll.78: string.This program cannot be run in DOS mode
embedded.file System.Data.SQLite.dll 2501dd35903ab14af90de78498182227
System.Data.SQLite.dll.78: string.This program cannot be run in DOS mode
embedded.file QueenSoft.Vn.GroupSender.exe d5617e154c450503a47effeac2374159
QueenSoft.Vn.GroupSender.exe.78: string.This program cannot be run in DOS mode
embedded.file QueenSoft.Vn.WhatsApp.SharedLib.dll 19b5c0b0d4edfb2a2bab267f0a952bce
QueenSoft.Vn.WhatsApp.SharedLib.dll.78: string.This program cannot be run in DOS mode
embedded.file CsvHelper.dll 6d5e762b3ae8e45ba54f5bc6ce8373fb
CsvHelper.dll.78: string.This program cannot be run in DOS mode
embedded.file AdbWinUsbApi.dll 5f23f2f936bdfac90bb0a4970ad365cf
AdbWinUsbApi.dll.78: string.This program cannot be run in DOS mode
AdbWinUsbApi.dll.48154: string.LoadLibraryA
AdbWinUsbApi.dll.47504: string.GetModuleHandleA
AdbWinUsbApi.dll.47416: string.GetCommandLineA
AdbWinUsbApi.dll.47486: string.GetProcAddress
AdbWinUsbApi.dll.48080: string.EnterCriticalSection
AdbWinUsbApi.dll.47248: string.CloseHandle
AdbWinUsbApi.dll.2008: string.KERNEL32
AdbWinUsbApi.dll.1967: string.ExitProcess
embedded.file AdbWinApi.dll 47a6ee3f186b2c2f5057028906bac0c6
AdbWinApi.dll.78: string.This program cannot be run in DOS mode
AdbWinApi.dll.78320: string.LoadLibraryA
AdbWinApi.dll.77696: string.GetModuleHandleA
AdbWinApi.dll.77626: string.GetCommandLineA
AdbWinApi.dll.77454: string.GetProcAddress
AdbWinApi.dll.77354: string.EnterCriticalSection
AdbWinApi.dll.77168: string.CloseHandle
AdbWinApi.dll.78636: string.CreateFileA
AdbWinApi.dll.2560: string.KERNEL32
AdbWinApi.dll.2519: string.ExitProcess
embedded.file fastboot.exe edec5980fababc83f272805d11cd0c17
fastboot.exe.78: string.This program cannot be run in DOS mode
fastboot.exe.161758: string.GetModuleHandleA
fastboot.exe.161778: string.GetProcAddress
fastboot.exe.161682: string.EnterCriticalSection
fastboot.exe.162621: string.CloseHandle
fastboot.exe.163000: string.KERNEL32
fastboot.exe.161706: string.ExitProcess
embedded.file adb.exe 0259b5c3ebf708a0ecf54b846ad05828
adb.exe.78: string.This program cannot be run in DOS mode
adb.exe.874550: string.LoadLibraryA
adb.exe.874262: string.GetModuleHandleA
adb.exe.874282: string.GetProcAddress
adb.exe.874036: string.CreateProcessA
adb.exe.874078: string.EnterCriticalSection
adb.exe.873978: string.CloseHandle
adb.exe.874008: string.CreateFileA
adb.exe.826885: string.KERNEL32
adb.exe.874102: string.ExitProcess
embedded.file Newtonsoft.Json.dll abd9c387aaba000866f8ccb82313635f
Newtonsoft.Json.dll.78: string.This program cannot be run in DOS mode
Yara:
sqlite fake_user_agent fake_user_agent
c0256ef927d2d35a9c53a9b0993dd52d 2. He thong PCCC .xlsm 1286574 32 X 0 0
embedded.file vbaProject.bin 9fe2f63123d3da0b1b15b4619ebb4cf7
vbaProject.bin.452697: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.586484: suspicious.office Visual Basic macro
vbaProject.bin.452165: string.shell32.dll
vbaProject.bin.dropped.file vbs 59040bf0545a7b6cfc6d730bde69db9a / 525490 bytes / @ 124750
ac07d1923440cc59bf432c979a75758d DT_Ngam_2017.xlsm 2503630 42 X 0 0
embedded.file vbaProject.bin f480d645cf335350aed3eee989a14d7e
vbaProject.bin.189662: suspicious.office Visual Basic macro
vbaProject.bin.196100: string.shell32.dll
vbaProject.bin.80965: string.vbs On Error Resume Next
embedded.file activeX5.xml d1c3dbe7433cb4657499e588a1d41a0b
activeX5.xml.77: exploit.office MSO MSCOMCTL.OCX RCE CVE-2012-0158 I
027428e2bf086fb4be488751069eccf5 DT_Ngam_2017.xlsm 2388275 42 X 0 0
embedded.file vbaProject.bin 0006c0b099ecf59a451237211b0ac9a0
vbaProject.bin.185566: suspicious.office Visual Basic macro
vbaProject.bin.191689: string.shell32.dll
vbaProject.bin.84549: string.vbs On Error Resume Next
embedded.file activeX5.xml d1c3dbe7433cb4657499e588a1d41a0b
activeX5.xml.77: exploit.office MSO MSCOMCTL.OCX RCE CVE-2012-0158 I
04fb0585e46f7fa467d0d725a98af4ff /1/8/7/87be7f49e763c5f0a3bcf9081c26754fe1ee191c57696c59f9e84ccfdd5d0c54.file 1288025 13 X 0 0
embedded.file vbaProject.bin c82dd926258e7bfcbc520ef1955686bc
vbaProject.bin.83158: suspicious.office Visual Basic macro
vbaProject.bin.55121: string.vbs On Error Resume Next
embedded.file vmlDrawing6.vml 85bfe0b50d636ba2d52a50a39eac9436
Yara:
office_vb_dropper
e80f3615b8d248b5bae972f312880180 /1/d/0/d0e4ff97053eaae0892f97dce892244fb68386025eb069c1e8f28bdd17587935.file 1376108 14 X 0 0
embedded.file vbaProject.bin 165d9f3653f078d3fa0e79a94e8907a3
vbaProject.bin.65758: suspicious.office Visual Basic macro
vbaProject.bin.50758: string.vbs On Error Resume Next
embedded.file vmlDrawing6.vml 474621917bff0ac08bf5d56fcf877235
embedded.file image9.emf 5758b1ec4ce0e48b77d331f7df385016
67ff6c38e1df35f74fdc609bec63085a Du toan Quang Ngai.xlsm 3239675 32 X 0 0
embedded.file vbaProject.bin 433829dec73dca27b099639c3e1e3a44
vbaProject.bin.481873: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.614644: suspicious.office Visual Basic macro
vbaProject.bin.481341: string.shell32.dll
4b0ae7ed258865f6e49e77bc9416aab7 vbaProject.bin 695296 32 X 0 0
495185: exploit.office embedded Visual Basic execute shell command Wscript.Shell
631540: suspicious.office Visual Basic macro
494653: string.shell32.dll
dropped.file vbs 0574d3bfb1d8731391e1b6bc6a3fb870 / 545466 bytes / @ 149830