Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 filename size severity has_exe key_len rol
a242166ccf3fa1f21f5a06a273f4580f view report cf8e0ae7a5822f87818a9eccf5dd301de908063c022e568923924c0a62abbcc9_mx.doc 286720 30 X 0 0
24654: string.This program cannot be run in DOS mode
65624: string.shell32.dll
234202: string.KERNEL32
dropped.file exe acce144ba244d25a93083154fda6464e / 262144 bytes / @ 24576
ad7cd2cead4a28a708a7422bb8d14e1b view report 9097333f3b59b9dfc84d46af39fa17b9db3c0d542e5031fb2cd743c8da580b38_remcos_output4ce990.doc 1040384 10 X 0 0
24654: string.This program cannot be run in DOS mode
dropped.file exe c1aa3cd0054f0cd12bf9a2de89e540e1 / 1015808 bytes / @ 24576
b019cb31bf6351ae173643de93c1e7a3 view report 1e77319c40712b1ab8e5cd2202e1bcd26094055ae626819062600973797ad015_download_vivaldi.1.13.1008.41_sib.doc 593920 90 X 0 0
147534: string.This program cannot be run in DOS mode
555504: string.GetModuleHandleA
343742: string.GetCommandLineA
553838: string.GetSystemMetrics
341094: string.GetProcAddress
342930: string.EnterCriticalSection
340698: string.CloseHandle
341550: string.KERNEL32
310911: string.ExitProcess
dropped.file exe c090d13b96aec4a4fd31a0de2b08009f / 217088 bytes / @ 147456
dropped.file exe dcde84df1a391b53faec97cd9d4bbef8 / 229376 bytes / @ 364544
e48e2470730193fb3edf6e0a6c38f75b view report 8200e07ef43d4e7cce22413bf702bdea7cb0e5a68d78f09e792d0dfccb4484db_com.eweaver.document.file.FileDownload.xls 121856 72 X 0 0
71363: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
71947: exploit.office embedded Visual Basic execute shell command Wscript.Shell
78440: exploit.office embedded Visual Basic accessing file OpenTextFile
106228: suspicious.office Visual Basic macro
68653: string.vbs On Error Resume Next
dropped.file vbs 37c426d7d8ab90bed3f4bfb844494a5e / 19998 bytes / @ 75053
dropped.file vbs 126b954f8b0cd4e689be03dac5d8d6cf / 26805 bytes / @ 95051
35e8752d59627967a7a75d9cca02f705 view report 9a66c36e4f18b6dfa2ad98a122f2bca2c2eb0a64f96d7d5fb6d56708bda00b28_20121127031228.xls 101376 72 X 0 0
53198: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
53782: exploit.office embedded Visual Basic execute shell command Wscript.Shell
60291: exploit.office embedded Visual Basic accessing file OpenTextFile
88820: suspicious.office Visual Basic macro
49976: string.vbs On Error Resume Next
dropped.file vbs 7071503566e3f8eff42078fa48a63d1d / 20131 bytes / @ 56896
dropped.file vbs 79b38d2f999ed298cf6535ee0c688702 / 24349 bytes / @ 77027
737058df48f1f316faa77dfc8db53b4d view report c35e96019edbfc8cc5a11f7534770328f582386eae72904eb1cd3b032a0bae12_Terminotix_Toolbar.docx 700108 102 X 0 0
embedded.file vbaProject.bin 73405fec88cebc9047c1ffd8e956dd8b
vbaProject.bin.441968: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.614308: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.636634: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.620758: suspicious.office Visual Basic macro
vbaProject.bin.639852: string.GetCommandLineA
vbaProject.bin.399889: string.user32.dll
vbaProject.bin.482083: string.GetMessageA
vbaProject.bin.529124: string.vbs On Error Resume Next
bde4b1ef9f933d8895a0431c7b44a4c7 view report 3af43eecff8b9378a9ad975e8bc6f5d2983943d1fa4b24e23cf3fc201e926c8e_lofyt.doc 835584 20 X 0 0
24654: string.This program cannot be run in DOS mode
54047: string.GetProcAddress
dropped.file exe 9df24007a5852d8a33c712eb3f7c3cc1 / 811008 bytes / @ 24576
931462f4bede97b7ee066027ce5e6d81 view report 60c1d2a01f0d7b5d1b557e07ef6810798a03f22cb2e20343653bd121a19eedc5_na.doc 602112 70 X 0 0
24656: string.This program must be run under Win32
435267: string.LoadLibraryA
435248: string.GetModuleHandleA
435231: string.GetProcAddress
435700: string.user32.dll
435832: string.shell32.dll
436191: string.CreateWindowExA
dropped.file exe 1baa9cd41d4e18ad7bd3ab4ca55372da / 577536 bytes / @ 24576