Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 filename size severity has_exe key_len rol
28c35117953af1434b8325ca22efb82c 01813daa53abaa8ba5063d6ccc2638062aeeac895a10a42be59e5ecd46f37499_DiamondSaber_2018.xlsx 1757576 54 X 0 0
embedded.file activeX1.xml 30ea09e5be9a732575c2fea76252358e
activeX1.xml.56: suspicious.office activeX
embedded.file vbaProject.bin e2e8adb9c1404230e551a2d18e89f816
vbaProject.bin.46920: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.47030: exploit.office cmd.exe shell command
vbaProject.bin.185602: suspicious.office Visual Basic macro
vbaProject.bin.189414: string.shell32.dll
9e4ac501dbb80a1b15a079f203b97ca5 34c60100b9d18aed23bc438e0ae47f141503410da1fdb04faa0c0e60549950cf_loki1.doc 270336 10 X 0 0
24654: string.This program cannot be run in DOS mode
dropped.file exe b0886cb22f81a6d7df6c6568c40d15cf / 245760 bytes / @ 24576
2d79f9f2421297fceae4290a101a31d9 192ebebf093330c31098498e5eaf596a973f9617de48d42d9ac92d68851ea15c_DiamondSaber_2018.xlsx 1259920 54 X 0 0
embedded.file activeX1.xml 30ea09e5be9a732575c2fea76252358e
activeX1.xml.56: suspicious.office activeX
embedded.file vbaProject.bin 226d15839c32114ca91834d99c19861e
vbaProject.bin.44062: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.44172: exploit.office cmd.exe shell command
vbaProject.bin.156418: suspicious.office Visual Basic macro
vbaProject.bin.160222: string.shell32.dll
ec5ae509e57a7a27503d8b63d8824a71 350fdf312654f32046c74ef97288dfea932b72967f094df517bba048a80c0bca_FORM3.1.2014.xls 1587712 34 X 0 0
1387730: suspicious.office Visual Basic macro
1574010: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs E
553486: Moniker exploit MSHTML CVE-2018-8174
1413448: string.user32.dll
7d2bcd7d741e544387e29d4e88e73589 c70d9f3a77d2d03177b0f0c5be83eff14b8cb948e469c3641551b81accf9cb48_20180516-102313-A.docx 39004 12 X 0 0
embedded.file oleObject2.bin 4c43f62899265968d7ddd5fa82d27077
oleObject2.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject2.bin.2841: string.This program cannot be run in DOS mode
oleObject2.bin.dropped.file exe b4373dd1f82eb8a608e2aab9f30d5554 / 13621 bytes / @ 2763
a41cd7751db9be48c44be98c811e0b08 c3a6e84377af79b0cc435905783e9b0227b388ab731c106030a79a4d92d6baf6_Call_Report_NonNMLS_2018-04-17.xls 569856 12 X 0 0
530714: suspicious.office Visual Basic macro
516773: string.vbs On Error Resume Next
b05862319c96d69d32fe40793901be3d 73f9c07c00c92668038097cbf5f0b08f3f97a8213c34812dc40a89fa8ddb0102_P020180511755016110853.xls 81920 42 X 0 0
68186: exploit.office embedded Visual Basic execute shell command Wscript.Shell
73490: suspicious.office Visual Basic macro
64599: string.URLDownloadToFileA
75160: string.shell32.dll
144b6c22025a4b70428e52792d10ae27 3ffb7d5ccd36d674c5c4da0c38c28687658a21a0fa5898eeadfd68085067ae7c_download_vivaldi.1.13.1008.41_sib.doc 516096 90 X 0 0
69710: string.This program cannot be run in DOS mode
477680: string.GetModuleHandleA
265918: string.GetCommandLineA
476014: string.GetSystemMetrics
263270: string.GetProcAddress
265106: string.EnterCriticalSection
262874: string.CloseHandle
263726: string.KERNEL32
233087: string.ExitProcess
dropped.file exe c090d13b96aec4a4fd31a0de2b08009f / 217088 bytes / @ 69632
dropped.file exe 6149cd148c434bce84da5e86a98d8b50 / 229376 bytes / @ 286720