Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5filenamesizeseverityhas_exekey_lenrol
66688cfb6ce26e6e07bbcd6c87d77fc2 view report QE150129 1174395 184 X 0 0
embedded.file libatse.so bfd61c779bbee4782c008222fa4ce55b
libatse.so.2564780: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
libatse.so.2564915: exploit.office embedded Visual Basic execute shell command Wscript.Shell
libatse.so.2371560: suspicious.office encrypted document
libatse.so.2551793: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs E
libatse.so.2551996: suspicious.script potential active content
libatse.so.2440462: string.This program cannot be run in DOS mode
libatse.so.2456726: string.LoadLibraryA
libatse.so.2453978: string.GetModuleHandleA
libatse.so.2452709: string.GetCommandLineA
libatse.so.2454478: string.GetProcAddress
libatse.so.2450541: string.CreateProcessA
libatse.so.2451014: string.EnterCriticalSection
libatse.so.2453386: string.GetEnvironmentVariableA
libatse.so.2449918: string.CloseHandle
libatse.so.2450334: string.CreateFileA
libatse.so.2255357: string.KERNEL32
libatse.so.2451448: string.ExitProcess
libatse.so.dropped.file vbs 1cb88f4b19fe0c95d1f4ef1c26646a33 / 520295 bytes / @ 497431
libatse.so.dropped.file elf f3d470d980ae0123e1d92580ded6bf5f / 6999 bytes / @ 1017726
libatse.so.dropped.file macho 0fb7fe3d3a7c037bc73be447e900a2ab / 724769 bytes / @ 1024725
libatse.so.dropped.file vbs 7e6932d5fe7da500ec9221bbb32088cd / 248639 bytes / @ 1749494
libatse.so.dropped.file vbs a2cfba63a8cac3b76d4ca344eef17658 / 129600 bytes / @ 1998133
libatse.so.dropped.file vbs e121fe21e6d70b771466c62642dd3010 / 143460 bytes / @ 2127733
libatse.so.dropped.file vbs 05e7a3e87ac7b5cf730375f242b16943 / 19849 bytes / @ 2271193
libatse.so.dropped.file doc 262541f97a1f19a0c28315e02d21e115 / 56321 bytes / @ 2291042
libatse.so.dropped.file vbs a49f8e0a378fa8b75f2904873ca580a9 / 217 bytes / @ 2347363
libatse.so.dropped.file rtf 1b512d41d5b4ccef444a051a60ebe4e9 / 49 bytes / @ 2347580
libatse.so.dropped.file macho 2729ae5e2ea97be3ee3f780adb1f5130 / 7901 bytes / @ 2347629
libatse.so.dropped.file pdf bc90209609d2484f41597ede42567030 / 26 bytes / @ 2355530
libatse.so.dropped.file pdf bae9a84609723c07c254d018b586ca5a / 14012 bytes / @ 2355556
libatse.so.dropped.file doc f7e04e714a0f72eaa1c1b71b4c36e69d / 5152 bytes / @ 2369568
libatse.so.dropped.file rtf 7a8927502b061e2865fd65f7a916d4f1 / 9820 bytes / @ 2374720
libatse.so.dropped.file pdf 89ab9e615acc18ddf3453a1fc06b4346 / 55844 bytes / @ 2384540
libatse.so.dropped.file exe c5928c35dd9c512d2f4fbc47341ac34b / 112593 bytes / @ 2440384
libatse.so.dropped.file pdf ce38a8da72e6aa8ed9d0f1eab658d8ac / 3076 bytes / @ 2552977
libatse.so.dropped.file doc 1e368a69d0c3ca51e2696dc1dfec564f / 25109 bytes / @ 2556053
libatse.so.dropped.file vbs ef88890d6058792c9fa35fdb646f51de / 120414 bytes / @ 2581162
Yara:
mime_mso mime_mso_embedded_SuppData mime_mso_embedded_ole
64536373205829e2d8ca6608e1d8f5a4 view report CP_64536373205829e2d8ca6608e1d8f5a4 46592 10 X 0 0
1656: string.vbs On Error Resume Next
83dbc11023bba60e280caab64d93c7f6 view report QUOTATION.docx 318841 22 X 0 0
embedded.file oleObject1.bin 9ba16fc74eed69b024e3ce2fbf99f8a9
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.4332: string.This program cannot be run in DOS mode
oleObject1.bin.239544: string.CloseHandle
oleObject1.bin.dropped.file exe 609edc37cbcd7e47c9eee905bde91005 / 216824 bytes / @ 4254
oleObject1.bin.dropped.file exe 2a79e13453c7b2aa468d6997b36127a3 / 23658 bytes / @ 221078
72e01169b0a27f6175a16989008cf977 view report important information.doc 360960 32 X 0 0
327390: suspicious.office Visual Basic macro
136618: exploit.office VB Macro auto execute
329405: string.shell32.dll
9ba16fc74eed69b024e3ce2fbf99f8a9 view report oleObject1.bin 244736 22 X 0 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
4332: string.This program cannot be run in DOS mode
239544: string.CloseHandle
dropped.file exe 609edc37cbcd7e47c9eee905bde91005 / 216824 bytes / @ 4254
dropped.file exe 2a79e13453c7b2aa468d6997b36127a3 / 23658 bytes / @ 221078
3bd7af11411bdc3117cdb2830b6b976a view report VirusShare_3bd7af11411bdc3117cdb2830b6b976a 145920 72 X 0 0
94996: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
95580: exploit.office embedded Visual Basic execute shell command Wscript.Shell
102073: exploit.office embedded Visual Basic accessing file OpenTextFile
135390: suspicious.office Visual Basic macro
92286: string.vbs On Error Resume Next
dropped.file vbs 7bd0a0d83a77f46d829313e5e65f2320 / 19998 bytes / @ 98686
dropped.file vbs 770eb338eb9185f2acf62c34a6f35c58 / 27236 bytes / @ 118684
79bd44d1b19154d269657ef927676014 view report CP_79bd44d1b19154d269657ef927676014 35840 10 X 0 0
16564: string.vbs On Error Resume Next
dropped.file doc 2f887b07966024b09b88ab4708ade0c3 / 9581 bytes / @ 10266
dropped.file doc 4d479be9ae63c4ac8917670074b4fc48 / 3798 bytes / @ 19847
dropped.file doc 81a345fbed2d5daa3af026e2a8649180 / 5066 bytes / @ 23645
dropped.file doc cbc21441e67646fc971455cd559763ce / 1178 bytes / @ 28711
dropped.file doc 1225f7bccf27968d19a87fcc4172539a / 876 bytes / @ 29889
dropped.file doc 7b93a472430b194b50019282af8b2307 / 125 bytes / @ 30765
dropped.file doc 720dfa910832f4569bf56679e454d568 / 790 bytes / @ 30890
dropped.file doc 3506e03afb957dc43431a53222be58f7 / 4160 bytes / @ 31680
279a58e43ba1bbb2860a90b78c5f869f view report 129910 50388 22 X 0 0
embedded.file vbaProject.bin 2d5ce9e463f28c81e8f39c32ed1f9275
vbaProject.bin.6814: suspicious.office Visual Basic macro
vbaProject.bin.7291: string.LoadLibraryA
vbaProject.bin.7327: string.GetProcAddress
ef218e6978f4d185be582f6a1e263ffb view report CP_ef218e6978f4d185be582f6a1e263ffb 39424 10 X 0 0
1809: string.vbs On Error Resume Next
28011b0bf2822efe6534a3de1a3d082c view report excelre.xla 4999680 82 X 0 0
57363: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
2675030: exploit.office embedded Visual Basic execute shell command Wscript.Shell
3910932: suspicious.office Visual Basic macro
3011119: string.CloseHandle
3914652: string.shell32.dll
3921443: string.KERNEL32
2553552: string.vbs On Error Resume Next
dropped.file vbs bf05fcd8af99d695f9d4c49c89deaefc / 40 bytes / @ 50779
dropped.file vbs ce2a9a2b7722b596c773b00009cc3b1c / 320 bytes / @ 50819
dropped.file vbs 6bfb97cd7234c86a744e4b9c3df4b483 / 48 bytes / @ 51139
dropped.file vbs 3cf9160dd50ddfb60e4e60ec6abe5e79 / 1712 bytes / @ 51187
dropped.file vbs 91824c8e34d1520ca2a3ac53e0d274a2 / 40 bytes / @ 52899
dropped.file vbs 9566613ab718139045f3c587d1cd3be3 / 1792 bytes / @ 52939
dropped.file vbs 7011ad632310234de53ea067abf9ce3a / 4232 bytes / @ 54731
dropped.file vbs 6a0d0ae596b8812e6f8ecdd8aa970711 / 408 bytes / @ 58963
dropped.file vbs 3f3a10fe6e6bec2d761ff9a1455ed364 / 40 bytes / @ 59371
dropped.file vbs ad261db8c5bf66fa696ca0ed568fdeeb / 112 bytes / @ 59411
dropped.file vbs 7c2c8d44bfb364b5e163f0b1189aeaa5 / 392 bytes / @ 59523
dropped.file vbs 2c89fce76847a5d1e41cdcd5dc1b2213 / 52 bytes / @ 59915
dropped.file vbs 4033d79d32438e57049859d601e7df88 / 224 bytes / @ 59967
dropped.file vbs 97ddfcc028c56144c29439d8d76a26a4 / 10114 bytes / @ 60191
dropped.file vbs 64422596b5107a35845b4cb284d74af5 / 960132 bytes / @ 70305
dropped.file vbs 8cf691598b1a5d16d98c4bac3c1d5b40 / 9592 bytes / @ 1030437
dropped.file vbs d0849627de942cb3231d030182bb8ded / 90872 bytes / @ 1040029
dropped.file vbs 8dd636d7e4e107f7ef83b98a49535541 / 160 bytes / @ 1130901
dropped.file vbs 449676d97faed66122e9ef0f757fd43e / 56 bytes / @ 1131061
dropped.file vbs 03a755817f8c593a418741be5eec8f80 / 223488 bytes / @ 1131117
dropped.file vbs 2f0e50b827088ffeeef16df5503829e1 / 440 bytes / @ 1354605
dropped.file vbs c2279ffd76c7edebffe294c260636d21 / 4368 bytes / @ 1355045
dropped.file vbs ccf74263e6995c6069ac3f0940752052 / 13584 bytes / @ 1359413
dropped.file vbs 66f4cd8f041d2f7af75436d73a20b56a / 440 bytes / @ 1372997
dropped.file vbs 61a07d480b4bde153c6c59d4b578cb02 / 4632 bytes / @ 1373437
dropped.file vbs d5e26692945fddaa3b561f84e859b5d6 / 28272 bytes / @ 1378069
dropped.file vbs c95c87dfa8b154439ac1a59ce825879f / 440 bytes / @ 1406341
dropped.file vbs fc1cdb9c0bcb665dd55a1df6ee6b00b0 / 5048 bytes / @ 1406781
dropped.file vbs e88e88b0a310b1633c5f001089eda47b / 18208 bytes / @ 1411829
dropped.file vbs 02efec1de569c0c1c0b6a0d80a2a8189 / 440 bytes / @ 1430037
dropped.file vbs 50d031f203e92eb79bbcc33e5f4dbef3 / 4960 bytes / @ 1430477
dropped.file vbs 61bd64582e4227c6dc4adae226404bb6 / 20744 bytes / @ 1435437
dropped.file vbs e215f5a573fe103d95b7cf4f2b8fe637 / 56 bytes / @ 1456181
dropped.file vbs 2bb3dde4ff076ff0d78b3a39f503c3b5 / 440 bytes / @ 1456237
dropped.file vbs 3505df657477f5c6ffa573937921a39e / 768 bytes / @ 1456677
dropped.file vbs 89b513179bf755d5be024c54d3f68892 / 56 bytes / @ 1457445
dropped.file vbs 2caeb3c8798e605838f36c9f13d14ce6 / 440 bytes / @ 1457501
dropped.file vbs 6f2dc5c5677e6912d49e4e919afc571a / 36296 bytes / @ 1457941
dropped.file vbs 562daf91ea11d7acc8fba4246f579c90 / 56 bytes / @ 1494237
dropped.file vbs 34977bb353480de0ea894731de2b43b5 / 440 bytes / @ 1494293
dropped.file vbs c272ac5a5458a01e16ceff5fd86b7254 / 1112 bytes / @ 1494733
dropped.file vbs 562daf91ea11d7acc8fba4246f579c90 / 56 bytes / @ 1495845
dropped.file vbs de6736e70880291e8e62d6acff7163a5 / 440 bytes / @ 1495901
dropped.file vbs 5157a0ca7f6929194b886641363e8037 / 460636 bytes / @ 1496341
dropped.file vbs ae116730757171e68cfc3f6b61cfeb3f / 85575 bytes / @ 1956977
dropped.file vbs 7400b753bf04c843642b0ff48dda5edf / 12110 bytes / @ 2042552
dropped.file vbs 4a1c2ab59c40a16f2f41860dfa1e1ab5 / 497644 bytes / @ 2054662
dropped.file vbs bb9d7a42c0aa38dbc615dce592955bf5 / 940 bytes / @ 2552306
dropped.file vbs 69b0abd9c70d4fb2946507df09856c99 / 59532 bytes / @ 2553246
dropped.file vbs e4d4d12ec11c55518ba25ad847609b48 / 54000 bytes / @ 2612778
dropped.file vbs 44be8d05b2268989f8e44fd298ee95f9 / 48 bytes / @ 2666778
dropped.file vbs 1247117bc2ab29be8ce1bf40f306aa4b / 960 bytes / @ 2666826
dropped.file vbs ff5ea7a543405757597390482b4c754e / 144 bytes / @ 2667786
dropped.file vbs 96e2754dacd232a41319393e2d1cfe45 / 152 bytes / @ 2667930
dropped.file vbs 738b7f2a2aa9c6aa967aa6560a721fc0 / 280 bytes / @ 2668082
dropped.file vbs 7321d6e49d49cd75c8512f7b3dbf06a5 / 144 bytes / @ 2668362
dropped.file vbs a0ad94f5695d5034b6340989e7938e17 / 152 bytes / @ 2668506
dropped.file vbs 7d9c179549b008bcd922f5f29b309d67 / 280 bytes / @ 2668658
dropped.file vbs f1b86ebde9ae591dcb9239e280d0a039 / 144 bytes / @ 2668938
dropped.file vbs 7292fe4eeea2fa7f8429e03754bd2622 / 152 bytes / @ 2669082
dropped.file vbs 4af79bbf744573e9b35b76f4fd78cdf6 / 280 bytes / @ 2669234
dropped.file vbs 8de0d6361134de8d7f374635e285d92e / 144 bytes / @ 2669514
dropped.file vbs ba04335eadfc534aeccfa1656fb91a17 / 152 bytes / @ 2669658
dropped.file vbs 837410a0d454a3528645c8d7036819a5 / 72397 bytes / @ 2669810
dropped.file vbs 33c11c21c9eba07d8a8b643558958cc4 / 224650 bytes / @ 2742207
dropped.file vbs 03da8ef3499bd825c533cdbf06bf14c6 / 118131 bytes / @ 2966857
dropped.file vbs 62164715445d6a112ed9f5de2150cc85 / 1914692 bytes / @ 3084988
bfdbbf99adf87cdae33bede37b89b51d view report 50023155f23385c65e361535597b26efae080743524c7ec35d0d3a4ba4c60fcf 1373184 32 X 0 0
1028140: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
1263842: suspicious.office Visual Basic macro
1012416: string.vbs On Error Resume Next
8bf86e20e6b4beac6cf82a32af08135e view report vbaProject.bin 1360896 32 X 0 0
1017860: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
1251554: suspicious.office Visual Basic macro
1001664: string.vbs On Error Resume Next
7df52369a6cdae603cb069d2a2cdf4e2 view report file0.doc 37888 32 X 0 0
22065: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
30992: suspicious.office Visual Basic macro
22992: string.vbs impersonationLevel
0dd373ee28e821490b34eaf376fd8740 view report LNC2.XLA_ 2743808 12 X 0 0
2580236: suspicious.office Visual Basic macro
43265: string.vbs On Error Resume Next
dc743aed3c330a9d2f9c63805d9dbb0a view report 1.DUTOAN XL.xls 3326464 32 X 0 0
3113553: exploit.office embedded Visual Basic execute shell command Wscript.Shell
3255506: suspicious.office Visual Basic macro
3113021: string.shell32.dll
dropped.file vbs b55658b7562df1d09f70565982eb3289 / 519003 bytes / @ 2807461