Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 filename size severity has_exe key_len rol
8c8d7d3b66db54ceece68ffb0b6bbbee paper.xlsx 584847 104 X 0 0
embedded.file oleObject1.bin 0c12f871b172aaacbd65bd9c334dc8e8
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.7407: string.This program cannot be run in DOS mode
oleObject1.bin.38751: string.LoadLibraryA
oleObject1.bin.38713: string.GetModuleHandleA
oleObject1.bin.38921: string.GetCommandLineA
oleObject1.bin.38733: string.GetProcAddress
oleObject1.bin.39447: string.EnterCriticalSection
oleObject1.bin.37953: string.user32.dll
oleObject1.bin.38905: string.KERNEL32
oleObject1.bin.38953: string.ExitProcess
oleObject1.bin.38437: string.CreateWindowExA
oleObject1.bin.dropped.file exe bf04518117ca28c5a4be81ddf556762d / 287388 bytes / @ 17217
oleObject1.bin.dropped.file exe 45a3671b3a79460b0ec72ccdfaa57e1b / 315427 bytes / @ 304605
embedded.file sheet2.xml e741b6300574a2bf5f4f6f1d6dc87661
sheet2.xml.54613: suspicious.office OOXML Class used by CVE-2014-6352 D
bf3111b639b17cd304222bff0039ea2e f9172_13032120344803.doc 363465 12 X 0 0
embedded.file vbaProject.bin 423aaaf0b89f061a0c34f41933a0b29a
vbaProject.bin.291538: suspicious.office Visual Basic macro
vbaProject.bin.129635: string.CreateProcessA
0c0bb59fc15c946d14d3958a83d8eea4 83362d70133c748231d0fc383e2c1b94c9e47a6355b87ae3e396b14acce7676d 1022328 102 X 0 0
281797: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
43009: exploit.office embedded Visual Basic execute shell command Wscript.Shell
405176: exploit.office embedded Visual Basic accessing file OpenTextFile
401232: suspicious.script potential active content
31758: string.shell32.dll
941904: string.KERNEL32
14501: string.vbs On Error Resume Next
281783: string.vbs CreateObject
9d7684f978ebd77e6a3ea7ef1330b946 winrm.vbs 204105 90 X 0 0
79972: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
73149: exploit.office embedded Visual Basic execute shell command Wscript.Shell
80869: exploit.office embedded Visual Basic accessing file OpenTextFile
74730: string.vbs On Error Resume Next
73127: string.vbs WScript
79958: string.vbs CreateObject
304856eb3aa19c8aacd784ce10171d82 com.apple.WebKit.WebContent-2019-12-05-085524-1-1.ips 71009 20 X 0 0
11929: string./usr/lib/libSystem
11692: string./usr/lib/dyld
7f06fe0374ee77ebcac1adcbd584ba68 rt6.doc 103936 42 X 0 0
83192: suspicious.office Visual Basic macro
11014: exploit.office VB Macro auto execute
26431: string.GetModuleHandleA
26451: string.GetProcAddress
a827d521181462a45a7077ae3c20c9b5 file.docx 178182 174 X 0 0
embedded.file oleObject2.bin 522e6b6c3e532b9645ebd2000254176f
oleObject2.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject2.bin.3875: string.This program cannot be run in DOS mode
oleObject2.bin.125971: string.GetCommandLineA
oleObject2.bin.125419: string.GetProcAddress
oleObject2.bin.125483: string.EnterCriticalSection
oleObject2.bin.124403: string.CloseHandle
oleObject2.bin.124551: string.KERNEL32
oleObject2.bin.94880: string.ExitProcess
oleObject2.bin.dropped.file exe 67b84d54397ec8785c1b33fd04c5fca8 / 132907 bytes / @ 3797
embedded.file oleObject1.bin abc1359062b25dc925a758625fe5822d
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.3875: string.This program cannot be run in DOS mode
oleObject1.bin.113343: string.GetModuleHandleA
oleObject1.bin.49205: string.GetCommandLineA
oleObject1.bin.112933: string.GetProcAddress
oleObject1.bin.48035: string.EnterCriticalSection
oleObject1.bin.112819: string.CloseHandle
oleObject1.bin.112769: string.CreateFileA
oleObject1.bin.114671: string.RegOpenKeyExA
oleObject1.bin.114111: string.KERNEL32
oleObject1.bin.112659: string.ExitProcess
oleObject1.bin.dropped.file exe ff9ba84dc884502a683967507f5991e2 / 144171 bytes / @ 3797
206c1f2ca2b3b9fc31e333fcdccf2deb staff-roster-template.xlsm 52678 12 X 0 0
embedded.file vbaProject.bin 4456898bae8508f41ac5fe78569006c0
vbaProject.bin.35822: suspicious.office Visual Basic macro
vbaProject.bin.38150: string.shell32.dll
Yara:
fake_user_agent
18ebc55182dfaa1fe5588af38bfc288b USPS_Delivery_NY03653391.doc 37560 14 X 0 0
embedded.file activeX1.xml 79d00a5fe8eb0067824b56cdb4e1de8f
activeX1.xml.56: suspicious.office activeX
embedded.file vbaProject.bin c5a72f144802d1f94d064d933eaea2aa
vbaProject.bin.13662: suspicious.office Visual Basic macro
vbaProject.bin.5399: string.URLDownloadToFileA
11a43079a6a8f4656c89cf9ad570751e eac_pv.xlam 1430013 42 X 0 0
embedded.file vbaProject.bin 4cd3c98c588b8670c4edd822cf524119
vbaProject.bin.667304: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.1654230: suspicious.office Visual Basic macro
vbaProject.bin.53611: string.shell32.dll
vbaProject.bin.1883797: string.vbs On Error Resume Next
63017bb2a213fa440191b204929ab0f7 Suspicious_File 1304576 150 X 1 0
2638: string.This program cannot be run in DOS mode
1244080: string.LoadLibraryA
1243996: string.GetModuleHandleA
1244048: string.GetCommandLineA
1246706: string.GetSystemMetrics
1243770: string.GetProcAddress
1243712: string.EnterCriticalSection
1243400: string.CloseHandle
1244398: string.CreateFileA
1247318: string.RegOpenKeyExA
1081060: string.user32.dll
1163676: string.KERNEL32
1161103: string.ExitProcess
1246846: string.GetMessageA
1246552: string.CreateWindowExA
dropped.file exe 91babceabb2263975b0c4309e82ca977 / 1302016 bytes / @ 2560
db0ae873a7466ba62bb8fb4ac7aeddd1 Invoice_101119.xls 719872 84 X 0 0
671056: exploit.office embedded Visual Basic execute shell command Wscript.Shell
695568: suspicious.office Visual Basic macro
1488: suspicious.office Packager ClassID used by CVE-2014-6352 C
6317: string.This program cannot be run in DOS mode
29633: string.GetModuleHandleA
29711: string.CloseHandle
10213: string.KERNEL32
29653: string.ExitProcess
29371: string.CreateWindowExA
dropped.file exe 8cc6ca8d8402a763dd7d57bdc29c7e17 / 289572 bytes / @ 12383
dropped.file exe e87eb5b34ffc3c113a82a03f64692fca / 417917 bytes / @ 301955
5892d0e25a0e79a308e5239a2deae1d7 c471871.xls 286720 64 X 0 0
278800: suspicious.office Visual Basic macro
1488: suspicious.office Packager ClassID used by CVE-2014-6352 C
12903: string.This program cannot be run in DOS mode
23411: string.GetModuleHandleA
23447: string.CloseHandle
22927: string.RegOpenKeyExA
23591: string.KERNEL32
23163: string.CreateWindowExA
dropped.file exe 1ec05f7a63bbb88eb31b6ea23988cff6 / 77824 bytes / @ 12825
dropped.file exe 4feb44f76fef0ee9d13d78e06350f214 / 196071 bytes / @ 90649
b2089a25cd4b8bc9f887090f1d3fae7f TDR - Predrańćun.xls 305152 74 X 0 0
298270: suspicious.office Visual Basic macro
1488: suspicious.office Packager ClassID used by CVE-2014-6352 C
10140: string.This program cannot be run in DOS mode
289495: string.LoadLibraryA
23298: string.GetModuleHandleA
23442: string.EnterCriticalSection
23484: string.KERNEL32
23366: string.ExitProcess
23130: string.CreateWindowExA
dropped.file exe 2583a5ed70dcec569898071601682277 / 81920 bytes / @ 10062
dropped.file exe 2965d3566d60700b25666250444481a8 / 213170 bytes / @ 91982
a526b9e7c716b3489d8cc062fbce4005 desktop.ini 129 10 X 0 0
110: string.shell32.dll