Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 | filename | size | severity | has_exe | key_len | rol
7f68451d8fbb7936d9b713fbf2cdcb82 view report 7f68451d8fbb7936d9b713fbf2cdcb82_vbaProject.bin 20480 12 X 0 0
16658: suspicious.office Visual Basic macro
3307: string.CreateProcessA
7e808ad1190ce977b5086bf59fdb4217 view report 7e808ad1190ce977b5086bf59fdb4217_6t45eyv_1_.exe 308736 110 X 1 0
3662: string.This program cannot be run in DOS mode
140862: string.LoadLibraryA
140540: string.GetModuleHandleA
139900: string.GetCommandLineA
140056: string.GetProcAddress
139826: string.EnterCriticalSection
140992: string.CloseHandle
140978: string.CreateFileA
130532: string.KERNEL32
128843: string.ExitProcess
138598: string.CreateWindowExA
dropped.file exe 76fff47c56457a8e86f264466d824113 / 305152 bytes / @ 3584
7b2395a12a329152c41930cfa2480c59 view report 7b2395a12a329152c41930cfa2480c59_009u98j9_1_.exe 167936 60 X 1 0
3150: xor_0x95.not.string.This program cannot be run in DOS mode
160594: xor_0x95.not.string.GetProcAddress
160552: xor_0x95.not.string.CloseHandle
159792: xor_0x95.not.string.user32.dll
160788: xor_0x95.not.string.KERNEL32
160566: xor_0x95.not.string.ExitProcess
dropped.file exe fe4564aee6fe4ac67c78c73e341323de / 164864 bytes / @ 3072
732cf2689099ac9859e86ad959a41596 view report 732cf2689099ac9859e86ad959a41596 188445 12 X 256 0
164: obfuscation.office RTF embedded Word Document
12395: string.transposition cipher of This program cannot be run in DOS mode
dropped.file exe 9f9c08dd3fad3608f52acfd42e3edd63 / 131072 bytes / @ 12317
dropped.file doc fa3b1b5c300ae3647543a77fb647c528 / 45056 bytes / @ 143389
f262eb2435e8a0177ccf047e586f92c9 view report oleObject1.bin 4549632 142 X 0 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
38112: string.This program cannot be run in DOS mode
64646: string.LoadLibraryA
64106: string.GetModuleHandleA
64612: string.GetCommandLineA
65774: string.GetSystemMetrics
64070: string.GetProcAddress
64740: string.CreateProcessA
64250: string.CloseHandle
64778: string.CreateFileA
66332: string.RegOpenKeyExA
66316: string.RegDeleteKeyA
64870: string.KERNEL32
64558: string.ExitProcess
65320: string.CreateWindowExA
dropped.file exe 2f9dbad341c50b97af9a213f95affacf / 4511598 bytes / @ 38034
1bcb42fb6892883560e2d870ca68481f view report vbaProject.bin 672256 32 X 0 0
181669: exploit.office embedded Visual Basic execute shell command Wscript.Shell
543324: suspicious.office Visual Basic macro
228173: string.vbs On Error Resume Next
44bdf777faf0f321b24db4721d3b4630 view report oleObject1.bin 1737728 12 X 0 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
16073: string.This program cannot be run in DOS mode
dropped.file exe db1196d4a59c6d6741e35ca3486d0838 / 1721733 bytes / @ 15995
42046158fb51fbdcd02244dbcf21f430 view report Tom-Resume.doc.bin 350720 52 X 0 0
123325: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
186406: exploit.office embedded Visual Basic accessing file OpenTextFile
212738: suspicious.office Visual Basic macro
186278: string.vbs CreateObject
1b2f2c14c2bf0b20e94d4c870ecfe90a view report Almakite-algam tender.doc 1018812 14 X 0 0
embedded.file vbaProject.bin 2fd781be9f0bcf5322bdc35d3d8df45f
vbaProject.bin.10514: suspicious.office Visual Basic macro
embedded.file oleObject1.bin 44bdf777faf0f321b24db4721d3b4630
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.16073: string.This program cannot be run in DOS mode
oleObject1.bin.dropped.file exe db1196d4a59c6d6741e35ca3486d0838 / 1721733 bytes / @ 15995
5f3ad732b78b47a5eea1e6433a10bb3e view report COLLEEN-Resume.doc 350720 52 X 0 0
123325: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
186406: exploit.office embedded Visual Basic accessing file OpenTextFile
212738: suspicious.office Visual Basic macro
186278: string.vbs CreateObject
af0d1e560bdfda7cb0f7796da1a576fb view report 7-2016 TPAIR.xls 783360 12 X 0 0
753374: suspicious.office Visual Basic macro
543288: string.vbs On Error Resume Next
d2582b727b5afcb0a043673861d8e9c4 view report BuyersOrderPro.doc 673280 112 X 0 0
9808: suspicious.office Packager ClassID used by CVE-2014-6352 C
15557: string.This program cannot be run in DOS mode
213121: string.LoadLibraryA
213189: string.GetModuleHandleA
213859: string.GetCommandLineA
184039: string.GetSystemMetrics
212461: string.GetProcAddress
213305: string.EnterCriticalSection
212447: string.CloseHandle
214335: string.CreateFileA
189547: string.KERNEL32
187982: string.ExitProcess
dropped.file exe 61c365faf4921647fdf9d379eadb9ed4 / 657801 bytes / @ 15479
0956db7714e08388352c5c4f697ab88a view report 0956db7714e08388352c5c4f697ab88a 420502 300 X 0 0
embedded.file image1.eps 2ee6b635af39d8f52dc8478ffa191552
image1.eps.embedded.file datastore-10017838 740e082b1cd7c1389b4edefc89e1d71c
image1.eps.datastore-10017838.86: string.This program cannot be run in DOS mode
image1.eps.datastore-10017838.5980: string.LoadLibraryA
image1.eps.datastore-10017838.36994: string.GetModuleHandleA
image1.eps.datastore-10017838.36822: string.GetCommandLineA
image1.eps.datastore-10017838.5962: string.GetProcAddress
image1.eps.datastore-10017838.5096: string.CreateProcessA
image1.eps.datastore-10017838.36638: string.EnterCriticalSection
image1.eps.datastore-10017838.5996: string.CloseHandle
image1.eps.datastore-10017838.5898: string.CreateFileA
image1.eps.datastore-10017838.37784: string.user32.dll
image1.eps.datastore-10017838.37772: string.shell32.dll
image1.eps.datastore-10017838.6040: string.KERNEL32
image1.eps.datastore-10017838.36738: string.ExitProcess
image1.eps.datastore-10017838.dropped.file exe 9be2819ee2552ffb745e272786abedcf / 6720 bytes / @ 8
image1.eps.datastore-10017838.dropped.file exe 00c8da326ee1bab2b0b4e31ba8bedc01 / 116680 bytes / @ 6728
image1.eps.embedded.file datastore-10287356 e901240db1d5e63a12be58160143024a
image1.eps.datastore-10287356.86: string.This program cannot be run in DOS mode
image1.eps.datastore-10287356.27246: string.LoadLibraryA
image1.eps.datastore-10287356.26960: string.GetModuleHandleA
image1.eps.datastore-10287356.26534: string.GetCommandLineA
image1.eps.datastore-10287356.27228: string.GetProcAddress
image1.eps.datastore-10287356.26422: string.CreateProcessA
image1.eps.datastore-10287356.27104: string.EnterCriticalSection
image1.eps.datastore-10287356.26980: string.GetEnvironmentVariableA
image1.eps.datastore-10287356.26440: string.CloseHandle
image1.eps.datastore-10287356.26466: string.CreateFileA
image1.eps.datastore-10287356.25736: string.user32.dll
image1.eps.datastore-10287356.59796: string.shell32.dll
image1.eps.datastore-10287356.26518: string.KERNEL32
image1.eps.datastore-10287356.26566: string.ExitProcess
image1.eps.datastore-10287356.dropped.file exe f103b1946954a6e2b905a92891135809 / 28744 bytes / @ 8
image1.eps.datastore-10287356.dropped.file exe c6d83084c32a5608341fa0ea55114c36 / 77760 bytes / @ 28752
image1.eps.10267973: exploit.office PostScript CVE-2015-2545
image1.eps.10007725: string.KERNEL32
56c84cbeeff87c2eafad6698c2ec9127 view report 2dd8a2035afe75e7e430f9b1c45f6fc0ccbe5730_7.docx 3864272 132 X 0 0
embedded.file oleObject1.bin 28ab7b6af58326aafdeb90b976497600
oleObject1.bin.346507: exploit.office embedded Visual Basic execute shell command Wscript.Shell
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.34064: string.This program cannot be run in DOS mode
oleObject1.bin.221116: string.LoadLibraryA
oleObject1.bin.220876: string.GetModuleHandleA
oleObject1.bin.220458: string.GetCommandLineA
oleObject1.bin.218922: string.GetSystemMetrics
oleObject1.bin.217882: string.GetProcAddress
oleObject1.bin.218360: string.EnterCriticalSection
oleObject1.bin.217348: string.CloseHandle
oleObject1.bin.221256: string.CreateFileA
oleObject1.bin.207430: string.KERNEL32
oleObject1.bin.205725: string.ExitProcess
oleObject1.bin.dropped.file exe bdf1a6da0ab23444194b5986ff8b0739 / 312488 bytes / @ 33986
oleObject1.bin.dropped.file vbs 9e07d003b61393f65ce5f19df441a033 / 3695766 bytes / @ 346474
Yara:
winrar_sfx
d65a8e90b22e9ac1b9b12477e977479c view report 7e09135d61ca0.bup 300544 10 X 256 0
194116: string.CloseHandle
dropped.file exe 4cf15f0eb7364690d4aa249b10d188bd / 296960 bytes / @ 3584