Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 filename size severity has_exe key_len rol
de4c46a6820be0f1ad8f2a1a305ae798 vbaProject.bin 473600 70 X 0 0
130236: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
102220: exploit.office embedded Visual Basic execute shell command Wscript.Shell
411229: exploit.office embedded Visual Basic accessing file OpenTextFile
130006: string.vbs impersonationLevel
9e744f69089d2e7f7bf0dd76d5aec2ff oleObject1.bin 1067008 72 X 0 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
10943: string.This program must be run under Win32
1062245: string.LoadLibraryA
1062259: string.GetProcAddress
1062207: string.user32.dll
1062195: string.shell32.dll
1062099: string.KERNEL32
1062319: string.ExitProcess
dropped.file exe 6e30aca637182301c9e5f9ffccbfd8ae / 1056145 bytes / @ 10863
2ac63283c01c6aae8cc61b1a886f6035 FillDocuments_v2479.xla 1054208 102 X 0 0
136553: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
139619: exploit.office embedded Visual Basic execute shell command Wscript.Shell
798560: exploit.office embedded Visual Basic accessing file OpenTextFile
24265: exploit.office cmd.exe shell command
789202: suspicious.office Visual Basic macro
123479: string.URLDownloadToFileA
287966: string.vbs On Error Resume Next
dropped.file pdf b6447d19e37c64c53b8b593c2289e29a / 340 bytes / @ 74357
dropped.file pdf 1de306368bc2ee84458c4dcaf73adcd7 / 5480 bytes / @ 74697
dropped.file pdf b79c713e542373f820ea19dfc12b3f87 / 5504 bytes / @ 80177
dropped.file pdf 232f4af7361b82f827bd9d5ec931f091 / 22779 bytes / @ 85681
dropped.file pdf f824a59fb2a6ab9e7b0ef9823279dc9b / 621576 bytes / @ 108460
dropped.file pdf 3609124727dcbc2843a4e6dcf4ad7f96 / 324172 bytes / @ 730036
05bb86b48a2fe800f4625a1312980385 Sweco.dotm 201755 70 X 0 0
embedded.file vbaProject.bin 10c0a8220d9f2589f86de0535c0b8e7b
vbaProject.bin.94732: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.66388: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.368159: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.94502: string.vbs impersonationLevel
86e271ec001a5dcb9017467750f78d87 Sweco.dotm 210886 70 X 0 0
embedded.file vbaProject.bin de4c46a6820be0f1ad8f2a1a305ae798
vbaProject.bin.130236: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.102220: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.411229: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.130006: string.vbs impersonationLevel
5e8b226d00695f802de0d996e621284f Doc!(Orders1806017).doc 220194 12 X 0 0
embedded.file oleObject1.bin 1a93a7cf3917b82cc4e7f41d63b3c0c0
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.4270: string.This program cannot be run in DOS mode
oleObject1.bin.dropped.file exe 6f4ae404f4b0b29703cf7dd30787ae07 / 196768 bytes / @ 4192
oleObject1.bin.dropped.file exe 85fd2d7db75389ab35d60850d4caef35 / 47872 bytes / @ 200960
123aac1463a58e76502540ccc8355765 PV_Karta PV_1358652016.doc 817152 32 X 0 0
765884: exploit.office cmd.exe shell command
721618: suspicious.office Visual Basic macro
733899: string.vbs On Error Resume Next
dropped.file doc c40b96d84505e01f09c3cca65e12698d / 769792 bytes / @ 47360
63abf1ebef745b12d5294ec1b663ecd6 PurchaseOrder.doc 949760 112 X 0 0
9808: suspicious.office Packager ClassID used by CVE-2014-6352 C
17604: string.This program cannot be run in DOS mode
216548: string.LoadLibraryA
216632: string.GetModuleHandleA
217302: string.GetCommandLineA
185486: string.GetSystemMetrics
215844: string.GetProcAddress
216748: string.EnterCriticalSection
215812: string.CloseHandle
217778: string.CreateFileA
191626: string.KERNEL32
190061: string.ExitProcess
dropped.file exe 5d2faf4fb8fe0f99d5bb254ed82e527f / 932234 bytes / @ 17526
89d0baee86e91801da1d994b585d7a8a PV_Karta PV_1120349009.doc 825856 32 X 0 0
773564: exploit.office cmd.exe shell command
729298: suspicious.office Visual Basic macro
741579: string.vbs On Error Resume Next
dropped.file doc d6470d9a9a912521a7d28cd840a210cc / 773376 bytes / @ 52480
51bc4f5b74276d7a253b2b58cd41253c vbaProject.bin 219136 12 X 0 0
205076: suspicious.office Visual Basic macro
88454: string.vbs On Error Resume Next
f665d054ce7570428ad490839ed0ef96 7e16178122d2070.bup 2783744 110 X 1 0
3662: string.This program cannot be run in DOS mode
49474: string.LoadLibraryA
49910: string.GetModuleHandleA
50120: string.GetCommandLineA
49456: string.GetProcAddress
712052: string.URLDownloadToFileA
50238: string.EnterCriticalSection
49606: string.CloseHandle
41252: string.Advapi32.dll
41600: string.KERNEL32
41679: string.ExitProcess
dropped.file exe 8a91e25f19862171dd226e18f3b86096 / 2780160 bytes / @ 3584
93cc7e94c9e5154ec44ddb337f30174d oleObject1.bin 1067008 72 X 0 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
10943: string.This program must be run under Win32
1062245: string.LoadLibraryA
1062259: string.GetProcAddress
1062207: string.user32.dll
1062195: string.shell32.dll
1062099: string.KERNEL32
1062319: string.ExitProcess
dropped.file exe 2a94fc6a31e0a5955b1a2ef0506b7925 / 1056145 bytes / @ 10863
0496f1f43aaf62327f15a98e545ce165 0496f1f43aaf62327f15a98e545ce165 318857 12 X 0 0
embedded.file oleObject1.bin c6e1e1e64a34b84de1a2e1962df31656
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.5925: string.This program cannot be run in DOS mode
oleObject1.bin.dropped.file exe a6da3332627414e554ddf846b88f5c68 / 398121 bytes / @ 5847
c6e1e1e64a34b84de1a2e1962df31656 c6e1e1e64a34b84de1a2e1962df31656 403968 12 X 0 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
5925: string.This program cannot be run in DOS mode
dropped.file exe a6da3332627414e554ddf846b88f5c68 / 398121 bytes / @ 5847
3f5d76a61662f02742820ecd757fa480 oleObject1.bin 320512 12 X 0 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
4832: string.This program cannot be run in DOS mode
dropped.file exe 04bba571a16c9081fa96829f8c80d11c / 315758 bytes / @ 4754