Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 filename size severity has_exe key_len rol
b2089a25cd4b8bc9f887090f1d3fae7f TDR - Predrańćun.xls 305152 74 X 0 0
298270: suspicious.office Visual Basic macro
1488: suspicious.office Packager ClassID used by CVE-2014-6352 C
10140: string.This program cannot be run in DOS mode
289495: string.LoadLibraryA
23298: string.GetModuleHandleA
23442: string.EnterCriticalSection
23484: string.KERNEL32
23366: string.ExitProcess
23130: string.CreateWindowExA
dropped.file exe 2583a5ed70dcec569898071601682277 / 81920 bytes / @ 10062
dropped.file exe 2965d3566d60700b25666250444481a8 / 213170 bytes / @ 91982
a526b9e7c716b3489d8cc062fbce4005 desktop.ini 129 10 X 0 0
110: string.shell32.dll
74b24a74ae34146997bbad48c1498feb $MFT 131072 10 X 0 0
38286: string.shell32.dll
db1a492a5e1ca3738d1e94ac3d2b035b [as.oehiv.xyz][839]HP1.msi 3025920 100 X 0 0
755628: exploit.office embedded Visual Basic execute shell command Wscript.Shell
62542: string.This program cannot be run in DOS mode
309612: string.GetCommandLineA
68850: string.GetProcAddress
306848: string.EnterCriticalSection
69068: string.CloseHandle
69176: string.KERNEL32
68934: string.ExitProcess
755584: string.vbs On Error Resume Next
dropped.file exe 29cb19c01866c047aa93163795415ac3 / 20992 bytes / @ 62464
dropped.file exe d6bf50e1b22580075d7916f242effeb7 / 255488 bytes / @ 83456
dropped.file exe b074a4a158cd1e0c60f8bbbd54f30778 / 2686976 bytes / @ 338944
9de88b85093ded152bb2dec098c76c15 asmonnwqkg.gif.zip 1013248 140 X 32 0
80: string.This program must be run under Win32
925210: string.LoadLibraryA
390792: string.GetModuleHandleA
924098: string.GetCommandLineA
172488: string.GetSystemMetrics
388485: string.GetProcAddress
926386: string.CreateProcessA
923648: string.EnterCriticalSection
390620: string.CloseHandle
926418: string.CreateFileA
924394: string.RegOpenKeyExA
396236: string.user32.dll
924160: string.ExitProcess
927822: string.CreateWindowExA
dropped.file exe 1b3d62fadcabfa09bc3f63be9ce4b518 / 1013248 bytes / @ 0
aa6d0a82e8e8706971731d7a35298f48 Copia de Formato_Solicitud_Cuentas_de_Usuario.xlsm 1902490 18 X 0 0
embedded.file activeX1.xml f206cb1410db3b11e9ffbb3d3025eef2
activeX1.xml.56: suspicious.office activeX
embedded.file activeX9.xml dbd1871942a02ba0b33767f96360b35d
activeX9.xml.56: suspicious.office activeX
embedded.file sharedStrings.xml 20626b8cad9d1943fa9a7a6734d174fa
sharedStrings.xml.125726: suspicious.office DDE Excel execution
embedded.file vbaProject.bin 9f24c2676b11d0d487b0e121e3acbd53
vbaProject.bin.230102: suspicious.office Visual Basic macro
vbaProject.bin.157111: string.vbs On Error Resume Next
2b36c2a000ff2c43b30748b0f1fa088a 2012_0158_malicious_document 126583 250 X 1 0
embedded.file datastore-8 9aecf72bff1fca76784c83603e87a554
datastore-8.12: exploit.office CVE-2012-0158 F
datastore-8.2313: exploit.office OLE MSCOMCTL.OCX RCE CVE-2012-0158 H
datastore-8.1155: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs E
158: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 B
4527: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 D
4493: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs C
2477: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs D
26822: string.This program cannot be run in DOS mode
49442: string.LoadLibraryA
48790: string.GetModuleHandleA
49000: string.GetCommandLineA
49424: string.GetProcAddress
49032: string.GetEnvironmentVariableA
48630: string.CloseHandle
48700: string.CreateFileA
48300: string.user32.dll
48926: string.KERNEL32
48776: string.ExitProcess
dropped.file doc 0d6d94001483c7bc7650ab2a3e98427a / 16384 bytes / @ 10360
dropped.file exe 20c764dfa4363c6941d8f30cff20c86b / 99839 bytes / @ 26744
683cfe497f8a64a4b97d3d5e01dab0ae IMG_101290_100121_010210_001010_012100.IMG 1245184 10 X 0 0
919630: string.This program cannot be run in DOS mode
dropped.file exe 74e1826296b1db1c751c44f99b7d823c / 325632 bytes / @ 919552
6834955c1fe81e1e94add75cb26ea121 macro2.doc 64000 12 X 0 0
57048: suspicious.office Visual Basic macro
38506: string.vbs On Error Resume Next
6834955c1fe81e1e94add75cb26ea121 GenPunctuationHelp.doc 64000 12 X 0 0
57048: suspicious.office Visual Basic macro
38506: string.vbs On Error Resume Next
458d5a87334e9e827654a36da1a8a30e 1234.doc 157696 40 X 1 0
98894: xor_0x88.string.This program cannot be run in DOS mode
155315: xor_0x88.string.LoadLibraryA
155331: xor_0x88.string.GetProcAddress
156218: xor_0x88.string.user32.dll
dropped.file exe 59e218ed791dcc9e5848640d1e5e2857 / 58880 bytes / @ 98816
6834955c1fe81e1e94add75cb26ea121 GenPunctuationHelp.doc 64000 12 X 0 0
57048: suspicious.office Visual Basic macro
38506: string.vbs On Error Resume Next
7dee4fe8fbae1cfcbadd2d358c703c59 HTTPMacro.doc 41984 52 X 0 0
33343: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
33311: exploit.office embedded Visual Basic execute shell command Wscript.Shell
37138: suspicious.office Visual Basic macro
33279: string.vbs On Error Resume Next
735d599cf5298f75799f14fd61af6de3 Payment-advice.doc 49100 12 X 0 0
embedded.file vbaProject.bin 2363166fbe40b2a33f895f733eb2e8f7
vbaProject.bin.30038: suspicious.office Visual Basic macro
vbaProject.bin.22078: string.vbs impersonationLevel
03d7efadbaec03535b624fff2f17c4b0 zytl.txt 114128 50 X 0 0
113748: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
114071: exploit.office embedded Visual Basic execute shell command Wscript.Shell
113734: string.vbs CreateObject