Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5filenamesizeseverityhas_exekey_lenrol
4637b2a17ea4f265bfaaea42c129c9cb view report vbaProject.bin 36864 72 X 0 0
18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
27214: exploit.office embedded Visual Basic accessing file OpenTextFile
29968: suspicious.office Visual Basic macro
19188: string.vbs impersonationLevel
c89bc76329d6336b145bd5ef712d23be view report vbaProject.bin 36864 72 X 0 0
18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
27214: exploit.office embedded Visual Basic accessing file OpenTextFile
29968: suspicious.office Visual Basic macro
19188: string.vbs impersonationLevel
bf484dfce313a10751e0e3cfadc06d1c view report QUOTATION.doc 992720 92 X 0 0
embedded.file oleObject1.bin 676305793be75f50d671e08bca342c1b
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.14579: string.This program cannot be run in DOS mode
oleObject1.bin.763891: string.LoadLibraryA
oleObject1.bin.768227: string.GetSystemMetrics
oleObject1.bin.763907: string.GetProcAddress
oleObject1.bin.769285: string.CreateProcessA
oleObject1.bin.764717: string.EnterCriticalSection
oleObject1.bin.762865: string.CloseHandle
oleObject1.bin.765699: string.KERNEL32
oleObject1.bin.591720: string.ExitProcess
oleObject1.bin.dropped.file exe a7b220783565e0015941669ee69bbcd0 / 1527643 bytes / @ 14501
b807d22488a4eac0be82feaf987fecd7 view report vbaProject.bin 36864 72 X 0 0
18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
27214: exploit.office embedded Visual Basic accessing file OpenTextFile
29968: suspicious.office Visual Basic macro
19188: string.vbs impersonationLevel
583f824c09630407e23e5036248869df view report vbaProject.bin 36864 72 X 0 0
18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
27214: exploit.office embedded Visual Basic accessing file OpenTextFile
29968: suspicious.office Visual Basic macro
19188: string.vbs impersonationLevel
e9e4fbd350ddba57e2c62c60dac6e54d view report 228094.docm 70236 72 X 0 0
embedded.file vbaProject.bin eb766de1faba3a69a11d610d0d5077b9
vbaProject.bin.18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.27214: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.29968: suspicious.office Visual Basic macro
vbaProject.bin.19188: string.vbs impersonationLevel
29625211ea845b0d2f0e28219b5ad954 view report vbaProject.bin 36864 72 X 0 0
18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
27214: exploit.office embedded Visual Basic accessing file OpenTextFile
29968: suspicious.office Visual Basic macro
19188: string.vbs impersonationLevel
0eadd4ab963c0c88de25cac40aa4b60f view report ZZ645682402.doc 139809 74 X 0 0
126486: suspicious.office Visual Basic macro
22608: suspicious.office Packager ClassID used by CVE-2014-6352 C
137341: exploit.office VB Macro auto execute
24730: string.This program cannot be run in DOS mode
78472: string.GetSystemMetrics
75400: string.shell32.dll
78132: string.KERNEL32
78636: string.CreateWindowExA
dropped.file exe 3c4bc0ab4b1729854bf97b09202ee54a / 115157 bytes / @ 24652
728fd428134a79da0f02d398e3783778 view report vbaProject.bin 36864 72 X 0 0
18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
27214: exploit.office embedded Visual Basic accessing file OpenTextFile
29968: suspicious.office Visual Basic macro
19188: string.vbs impersonationLevel
0b44ea93a877c4dd0061adb27c1abe5b view report vbaProject.bin 36864 72 X 0 0
18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
27214: exploit.office embedded Visual Basic accessing file OpenTextFile
29968: suspicious.office Visual Basic macro
19188: string.vbs impersonationLevel
54ff0fb4c90c0496dc0b7dc986e53f91 view report 959918.docm 70273 72 X 0 0
embedded.file vbaProject.bin b807d22488a4eac0be82feaf987fecd7
vbaProject.bin.18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.27214: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.29968: suspicious.office Visual Basic macro
vbaProject.bin.19188: string.vbs impersonationLevel
4e096ae2aef96cb18c4cbf77dc7d801a view report 415001.docm 70256 72 X 0 0
embedded.file vbaProject.bin b14df62a2f95abd4b223c1900f038369
vbaProject.bin.18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.27214: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.29968: suspicious.office Visual Basic macro
vbaProject.bin.19188: string.vbs impersonationLevel
477b00a0411eefad098ba2124aafedca view report ExtractedAttachment_1.docm 70262 72 X 0 0
embedded.file vbaProject.bin 0b44ea93a877c4dd0061adb27c1abe5b
vbaProject.bin.18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.27214: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.29968: suspicious.office Visual Basic macro
vbaProject.bin.19188: string.vbs impersonationLevel
47e1afe1061d4c497b596b0cdbfa24aa view report 123-753475674-reg-invoice.docm 70302 72 X 0 0
embedded.file vbaProject.bin 27c71c774b84b811d06acfea1d48f6fd
vbaProject.bin.18469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.34428: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.27214: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.29968: suspicious.office Visual Basic macro
vbaProject.bin.19188: string.vbs impersonationLevel
8fb12fde1bade996014f611776a1a404 view report besplatnoe_cp__arcelona.zip 1164579 90 X 0 0
embedded.file archive.exe ad39464ffc638b7d7c0304ecd333a9be
archive.exe.78: string.This program cannot be run in DOS mode
archive.exe.62582: string.LoadLibraryA
archive.exe.61822: string.GetModuleHandleA
archive.exe.62240: string.GetCommandLineA
archive.exe.62274: string.GetProcAddress
archive.exe.62172: string.CloseHandle
archive.exe.59320: string.user32.dll
archive.exe.62928: string.KERNEL32
archive.exe.58127: string.ExitProcess