Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5filenamesizeseverityhas_exekey_lenrol
4fe00af7c159094fb769755589b2a70c view report 4fe00af7c159094fb769755589b2a70c_4fe00af7c159094fb769755589b2a70c.xls 551424 12 X 0 0
544990: suspicious.office Visual Basic macro
14395: string.vbs On Error Resume Next
dropped.file vbs fe326b9d0af24cea79fb48652ea692e6 / 27611 bytes / @ 523813
ea1a4db07744c212023277884c376105 view report CVE-2014-6352.ppsx 44736 12 X 0 0
embedded.file oleObject1.bin 4b6c1871facc52a6636be93725b8d948
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.5303: string.This program cannot be run in DOS mode
oleObject1.bin.dropped.file exe 37c19b0467b6c0a11af958ed6bd450f8 / 35735 bytes / @ 5225
ad6cb43065bb804df423c9b0bee030fb view report oleObject1.bin 848896 72 X 0 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
8895: string.This program must be run under Win32
843879: string.LoadLibraryA
843893: string.GetProcAddress
843854: string.user32.dll
843842: string.shell32.dll
843759: string.KERNEL32
843953: string.ExitProcess
dropped.file exe 1b86b0bffc109b7a47174ff84f3904c3 / 840081 bytes / @ 8815
bb0062d98b7aa646308b0baeec0478d1 view report vbaProject.bin 39936 32 X 0 0
16146: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
29968: suspicious.office Visual Basic macro
23637: string.vbs impersonationLevel
476cbc97b814855ec2f91108d03a9a04 view report 476cbc97b814855ec2f91108d03a9a04 947200 42 X 0 0
905739: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
927490: suspicious.office Visual Basic macro
905631: string.vbs On Error Resume Next
905725: string.vbs CreateObject
49a682e15d93e8de16fb1db148358679 view report /1/1/7/17a22a42ee51f7fc84873622a5fdbc758e83d1433e0be260959069c36bf244e9.file 6295688 140 X 0 0
embedded.file Rez injector.exe 3ee6f7fa313afb8173cdee338973f741
Rez injector.exe.78: string.This program cannot be run in DOS mode
Rez injector.exe.1089712: string.LoadLibraryA
Rez injector.exe.1089958: string.GetModuleHandleA
Rez injector.exe.1090382: string.GetCommandLineA
Rez injector.exe.1092454: string.GetSystemMetrics
Rez injector.exe.1089694: string.GetProcAddress
Rez injector.exe.1089786: string.CreateProcessA
Rez injector.exe.1095774: string.EnterCriticalSection
Rez injector.exe.1089728: string.CloseHandle
Rez injector.exe.1090232: string.CreateFileA
Rez injector.exe.1093176: string.RegOpenKeyExA
Rez injector.exe.1091040: string.KERNEL32
Rez injector.exe.1092382: string.GetMessageA
Rez injector.exe.1091280: string.CreateWindowExA
5d46e695f925a0ad98667d34d1a8d942 view report 5d46e695f925a0ad98667d34d1a8d942 1093343 90 X 4 0
63839: exploit.office RTF memory corruption listoverridecount CVE-2012-2539 CVE-2014-1761
182855: string.This program cannot be run in DOS mode
517709: string.GetModuleHandleA
519943: string.GetSystemMetrics
518469: string.GetProcAddress
517885: string.EnterCriticalSection
518063: string.CloseHandle
183660: string.KERNEL32
dropped.file exe 4190671b813f452aa7502642a1958e8b / 910566 bytes / @ 182777
f69bbb8c9037b0b1b668f5fed2d831d4 view report New order.docx 787120 10 X 0 0
embedded.file oleObject1.bin 7cfe1c56a1cced4b31915543e14b12b4
oleObject1.bin.8887: string.This program cannot be run in DOS mode
oleObject1.bin.dropped.file exe 30ed73473caead441ceec7f36b442609 / 719255 bytes / @ 8809
addaa4210debee8aca62c8ae5b68820d view report addaa4210debee8aca62c8ae5b68820d 1093325 90 X 4 0
63821: exploit.office RTF memory corruption listoverridecount CVE-2012-2539 CVE-2014-1761
182837: string.This program cannot be run in DOS mode
517691: string.GetModuleHandleA
519925: string.GetSystemMetrics
518451: string.GetProcAddress
517867: string.EnterCriticalSection
518045: string.CloseHandle
183642: string.KERNEL32
dropped.file exe 4190671b813f452aa7502642a1958e8b / 910566 bytes / @ 182759
b53666fe047a47ccf8939f113640dbd0 view report vbaProject.bin 39936 32 X 0 0
16146: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
29968: suspicious.office Visual Basic macro
23637: string.vbs impersonationLevel
c4540671d08c7f77fe30fc1a3e757aa7 view report vbaProject.bin 39936 32 X 0 0
16146: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
29968: suspicious.office Visual Basic macro
23637: string.vbs impersonationLevel
3e3b7783b4a30da18d8e013a4959c02e view report vbaProject.bin 39936 32 X 0 0
16146: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
29968: suspicious.office Visual Basic macro
23637: string.vbs impersonationLevel
501e8d591c82525c440e21b4addda5d9 view report vbaProject.bin 39936 32 X 0 0
16146: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
29968: suspicious.office Visual Basic macro
23637: string.vbs impersonationLevel
d4c958f5e37a6ee92e2ba608cec1bb1a view report HSOTN2JI.docm 55170 52 X 0 0
embedded.file vbaProject.bin b53666fe047a47ccf8939f113640dbd0
vbaProject.bin.16146: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.29968: suspicious.office Visual Basic macro
vbaProject.bin.23637: string.vbs impersonationLevel
embedded.file core.xml b1ac73f87c1b962d1e925c954405223d
core.xml.692: exploit.office embedded Visual Basic execute shell command Wscript.Shell
730a45107857a13c9745ccd7dda79632 view report UCER2Q.docm 55134 52 X 0 0
embedded.file vbaProject.bin d7816bdedf9fe2c198ee227e3e171021
vbaProject.bin.16146: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.29968: suspicious.office Visual Basic macro
vbaProject.bin.23637: string.vbs impersonationLevel
embedded.file core.xml c870bb7183804ead504f1379973559d1
core.xml.692: exploit.office embedded Visual Basic execute shell command Wscript.Shell