Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 filename size severity has_exe key_len rol
a227ae50f87c97d89219352ff9947fe2 PO1062017.doc 76797 12 X 0 0
73430: suspicious.office Visual Basic macro
54883: string.CreateProcessA
2f6facbe97a745948ea7787ae0707e21 A bit Smarter - Public Version.zip 1041868 70 X 0 0
embedded.file A bit Smarter - Public Version.exe 7159e0006210ce6962bd0a5a098db38e
A bit Smarter - Public Version.exe.78: string.This program cannot be run in DOS mode
A bit Smarter - Public Version.exe.2172584: string.LoadLibraryA
A bit Smarter - Public Version.exe.2172698: string.GetModuleHandleA
A bit Smarter - Public Version.exe.2172556: string.CloseHandle
A bit Smarter - Public Version.exe.1446367: string.KERNEL32
A bit Smarter - Public Version.exe.2172816: string.GetMessageA
A bit Smarter - Public Version.exe.2172928: string.CreateWindowExA
22dfdf960feba8b5bfbd15df865f7877 =?UTF-8?B?0YLQvtC/INC/0LLQvyAyMjcuemlw?= 359195 10 X 0 0
embedded.file Regedit Tweaker V0.3.exe e834c7dc648f7ccf56a678bf7faf23d7
Regedit Tweaker V0.3.exe.78: string.This program cannot be run in DOS mode
360c8ce65e1d724e58bf0483a795fe6c bimil220.zip 653891 30 X 0 0
embedded.file Bimil.exe c36e48467d456c6da50be6e2cfadb4dd
Bimil.exe.78: string.This program cannot be run in DOS mode
Bimil.exe.298444: string.GetCommandLineA
Bimil.exe.286248: string.user32.dll
1449d8fe4ddd8ab6b7a3d4cccc162c4c /download.php 7689878 1100 X 0 0
embedded.file Hunspellx86.dll d41b0dfb579f39cf0b7cb017834fa845
Hunspellx86.dll.78: string.This program cannot be run in DOS mode
Hunspellx86.dll.281310: string.GetCommandLineA
Hunspellx86.dll.281220: string.GetProcAddress
Hunspellx86.dll.281132: string.EnterCriticalSection
Hunspellx86.dll.281774: string.CloseHandle
Hunspellx86.dll.282182: string.CreateFileA
Hunspellx86.dll.281076: string.KERNEL32
Hunspellx86.dll.261555: string.ExitProcess
embedded.file SubtitleEdit.exe 6310c97b6db85df8df64762bab8d02f2
SubtitleEdit.exe.2818929: exploit.office embedded Visual Basic accessing file OpenTextFile
SubtitleEdit.exe.78: string.This program cannot be run in DOS mode
SubtitleEdit.exe.3077805: string.GetCommandLineA
SubtitleEdit.exe.2882415: string.GetProcAddress
SubtitleEdit.exe.3086461: string.user32.dll
embedded.file es-MX.xml 18cce2e2359e5f66e60fb0bf43344e6f
es-MX.xml.33644: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file ja-JP.xml a5f80fa72cc2a23f820d23ede90e74a6
ja-JP.xml.32386: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file zh-CHS.xml c1d745de9634a1e2d284ec04b269f336
zh-CHS.xml.31465: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file fi-FI.xml 4b4072c938de1c5dc9b65598746915dd
fi-FI.xml.29860: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file sv-SE.xml 78db8975acdfd79e980ebbd514bd7784
sv-SE.xml.28278: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file hr-HR.xml 983e0e535161139c2588123efb1609ff
hr-HR.xml.33304: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file es-ES.xml bded444247710a8c6ee6eee0ea14d45f
es-ES.xml.25253: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file fa-IR.xml 5f3ea1950db9e8cd93e85903616bf473
fa-IR.xml.28935: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file es-AR.xml 0ee98cda13e6d2df277b6e4eb3638d32
es-AR.xml.30407: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file fr-FR.xml 31a6b2d86039b2c1561fb980ed38eb2d
fr-FR.xml.30896: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file ru-RU.xml 5ba27fa95a9629bcaaa2b9584aed5465
ru-RU.xml.42670: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file it-IT.xml 795e3a06e819d58cd36e3e4023d1afa2
it-IT.xml.34395: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file nl-NL.xml b59d4d825d80cd523c3f275bd44efb87
nl-NL.xml.33463: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file eu-ES.xml d824eb7bc550f462166e8d74b14c14e5
eu-ES.xml.34308: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file pt-PT.xml 40660dc9672a9a6283dcc01216be87dd
pt-PT.xml.35132: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file ar-EG.xml 7a191be2aedfdc01a5f4c761ccb7f717
ar-EG.xml.32788: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file pl-PL.xml 6b6db72cb9f4b9dea14c3b5ad0405bee
pl-PL.xml.35022: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file cs-CZ.xml 60e18fbda6ae3051a38b9d6cfa3b779e
cs-CZ.xml.34606: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file vn-VN.xml 37faa064c53042b1cfd6f1acfa6c2c0b
vn-VN.xml.33635: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file ko-KR.xml 7383ef73d6e78746f203b8f1f6df8855
ko-KR.xml.35844: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file en-GB.xml aa4ec3d88bbeef7cea50eb375cd26356
en-GB.xml.31873: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file sr-Cyrl-RS.xml 80b5fbec920aee3b351e0beb1230bf1f
sr-Cyrl-RS.xml.30769: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file ro-RO.xml 9757a942c27ec3edea1a82627cd5bf21
ro-RO.xml.29691: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file pt-BR.xml 4ba1000772d7035509d892cf4f9eec78
pt-BR.xml.34539: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file sr-Latn-RS.xml bbb2e8053b40d5bc30c57a74d47991fd
sr-Latn-RS.xml.29581: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file tr-TR.xml d8ea0ac27d00646c22f54bc098ce7719
tr-TR.xml.29676: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file de-DE.xml e6199448ce6c13641068beaf23babeea
de-DE.xml.33880: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file ca-ES.xml 551f23d31acedc4b0b9a1f74829f1d3e
ca-ES.xml.33118: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file da-DK.xml a5baf13c329a071111a22a124b910e9c
da-DK.xml.32876: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file el-GR.xml f08cb0afe389bb79ef11ef807574b2d5
el-GR.xml.33887: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file bg-BG.xml 178f22ecad347f990a359a26ab7c1052
bg-BG.xml.43270: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file hu-HU.xml 903889f703fdbaff8f9fc59ba73ffcef
hu-HU.xml.33336: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file zh-tw.xml 623da62574022b02b966483ff84fd25d
zh-tw.xml.28072: exploit.office embedded Visual Basic accessing file OpenTextFile
embedded.file msvcp90.dll 871f979d70414c900b35e56222932daf
msvcp90.dll.78: string.This program cannot be run in DOS mode
msvcp90.dll.279372: string.EnterCriticalSection
msvcp90.dll.279676: string.KERNEL32
embedded.file tesseract.exe 689a4aaa3b270170ef52bb8f30e239af
tesseract.exe.78: string.This program cannot be run in DOS mode
tesseract.exe.2223522: string.CreateProcessA
tesseract.exe.2223800: string.KERNEL32
tesseract.exe.dropped.file pdf 0d6e80c4d20342a3bedb3ef325114c0f / 535452 bytes / @ 1815652
embedded.file msvcr90.dll 4d03ca609e68f4c90cf66515218017f8
msvcr90.dll.78: string.This program cannot be run in DOS mode
msvcr90.dll.579730: string.LoadLibraryA
msvcr90.dll.581428: string.GetModuleHandleA
msvcr90.dll.578726: string.GetCommandLineA
msvcr90.dll.578522: string.GetProcAddress
msvcr90.dll.579712: string.CreateProcessA
msvcr90.dll.578792: string.EnterCriticalSection
msvcr90.dll.580180: string.GetEnvironmentVariableA
msvcr90.dll.578830: string.CloseHandle
msvcr90.dll.580484: string.CreateFileA
msvcr90.dll.80972: string.KERNEL32
msvcr90.dll.1775: string.ExitProcess
embedded.file NHunspell.dll 3cd82be407925f4fd5ca2442d35957eb
NHunspell.dll.78: string.This program cannot be run in DOS mode
NHunspell.dll.19378: string.GetProcAddress
embedded.file Interop.QuartzTypeLib.dll 918411bcfc8fa703e684491c3cd16f26
Interop.QuartzTypeLib.dll.78: string.This program cannot be run in DOS mode
embedded.file voikkox86.dll b78127998ca65b141c16a191fd72dc52
voikkox86.dll.78: string.This program cannot be run in DOS mode
voikkox86.dll.744552: string.LoadLibraryA
voikkox86.dll.744400: string.GetModuleHandleA
voikkox86.dll.744420: string.GetProcAddress
voikkox86.dll.744198: string.EnterCriticalSection
voikkox86.dll.744104: string.CloseHandle
voikkox86.dll.744118: string.CreateFileA
voikkox86.dll.744068: string.RegOpenKeyExA
voikkox86.dll.745944: string.KERNEL32
4489e8f65968fc41f4e39bdea7c8c572 QIMACROS.XLAM 1877977 42 X 0 0
embedded.file vbaProject.bin 929eaabd729d1f0e60fc2c48bf40f0d2
vbaProject.bin.3372754: suspicious.office Visual Basic macro
vbaProject.bin.260595: string.RegOpenKeyExA
vbaProject.bin.260899: string.RegDeleteKeyA
vbaProject.bin.3388421: string.shell32.dll
vbaProject.bin.14476: string.vbs On Error Resume Next
a084d8aa6139532dd9b919fb62dd665c =?UTF-8?B?0JDQutGC0YPQsNC70YzQvdC1INCf0L7Qu9C+0LbQtdC90L3RjyDQstCw0LPQvtC90ZbQsi54bHNt?= 1443318 72 X 0 0
embedded.file vbaProject.bin 3cd65ac98dc664fe21876e0eae2164c6
vbaProject.bin.998452: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.822354: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.998505: exploit.office embedded Visual Basic accessing file OpenTextFile
vbaProject.bin.1070802: suspicious.office Visual Basic macro
vbaProject.bin.93373: string.vbs On Error Resume Next
Yara:
office_vb_dropper
d506765be5afd5469eb8f6af3061275a Player_RagsSetup.2.4.16.zip 2939768 250 X 0 0
embedded.file RagsSetup.msi bd83ede40c410c7e14291efd08b130ff
RagsSetup.msi.62542: string.This program cannot be run in DOS mode
RagsSetup.msi.265500: string.LoadLibraryA
RagsSetup.msi.265380: string.GetModuleHandleA
RagsSetup.msi.266096: string.GetCommandLineA
RagsSetup.msi.265362: string.GetProcAddress
RagsSetup.msi.266908: string.EnterCriticalSection
RagsSetup.msi.267176: string.GetEnvironmentVariableA
RagsSetup.msi.265400: string.CloseHandle
RagsSetup.msi.267478: string.CreateFileA
RagsSetup.msi.87536: string.Advapi32.dll
RagsSetup.msi.265204: string.RegOpenKeyExA
RagsSetup.msi.265990: string.RegDeleteKeyA
RagsSetup.msi.265570: string.KERNEL32
RagsSetup.msi.74867: string.ExitProcess
RagsSetup.msi.dropped.file exe 873f249868bf9a25ff1921f1aaebaa46 / 276224 bytes / @ 62464
RagsSetup.msi.dropped.file rtf e198a40f02c8a732f7336d6e4f457f17 / 117728 bytes / @ 338688
RagsSetup.msi.dropped.file rtf 45f5bad89250bda18ea754f381a82b2f / 99 bytes / @ 456416
RagsSetup.msi.dropped.file rtf 9cbda320f801f9548f59cde344fbb783 / 79 bytes / @ 456515
RagsSetup.msi.dropped.file rtf 46821bd9f3fad39e2a6d723a6fe00f6f / 74 bytes / @ 456594
RagsSetup.msi.dropped.file rtf e7e93633357391d4ee99ea5da745f372 / 70 bytes / @ 456668
RagsSetup.msi.dropped.file rtf df988ab33e7b1ca118a904f8aa64d59a / 76 bytes / @ 456738
RagsSetup.msi.dropped.file rtf 9af173888c4d429f952a0d7b841f0f64 / 83 bytes / @ 456814
RagsSetup.msi.dropped.file rtf 46821bd9f3fad39e2a6d723a6fe00f6f / 74 bytes / @ 456897
RagsSetup.msi.dropped.file rtf 59bfeb10fe087faf181107f4ea192c6e / 823 bytes / @ 456971
RagsSetup.msi.dropped.file rtf 9264f106dd70a736431110aae52b05f8 / 130 bytes / @ 457794
RagsSetup.msi.dropped.file rtf ce345262a648a2930e36075c49563939 / 183 bytes / @ 457924
RagsSetup.msi.dropped.file rtf a489d25f69600540d5604410c499dca4 / 91 bytes / @ 458107
RagsSetup.msi.dropped.file rtf bb2c8e54b0d3921dddbd78483170b40e / 1277 bytes / @ 458198
RagsSetup.msi.dropped.file rtf b527d0d2043ecd40cf7466a5dcb8ac73 / 87 bytes / @ 459475
RagsSetup.msi.dropped.file rtf 028ed758096c4cea54a5d5d6a9e691e3 / 2558 bytes / @ 459562
RagsSetup.msi.dropped.file rtf e335f2dc1b790aa22c8b0fddbfc6589a / 110 bytes / @ 462120
RagsSetup.msi.dropped.file rtf 716f73bc673b676ea6537210e1cb0fa1 / 1722 bytes / @ 462230
RagsSetup.msi.dropped.file rtf 82eddd166e37dd7873f1c23535cc5cde / 115 bytes / @ 463952
RagsSetup.msi.dropped.file rtf 218a010bfd0dbb9d59fc74ca70bd46eb / 1948 bytes / @ 464067
RagsSetup.msi.dropped.file rtf 75ac18f8601b3e6ab846b97caf6b74b0 / 104 bytes / @ 466015
RagsSetup.msi.dropped.file rtf 20a95294fe74c144e622914023bbe104 / 557 bytes / @ 466119
RagsSetup.msi.dropped.file rtf 3ba56a0e1138d780cd9d311c2299e18f / 91 bytes / @ 466676
RagsSetup.msi.dropped.file rtf dd041bc1f2e50d321bb6b870a6f50c93 / 419 bytes / @ 466767
RagsSetup.msi.dropped.file rtf 0b68347900a5c31df9e9fff61e7a7d03 / 100 bytes / @ 467186
RagsSetup.msi.dropped.file rtf 92cdee357d9f66dafc7c0dd434a2e81a / 507 bytes / @ 467286
RagsSetup.msi.dropped.file rtf 5ac139398731868dcc057c27e1fb02fe / 87 bytes / @ 467793
RagsSetup.msi.dropped.file rtf 5c15fb6d08411b90fa0f69ce17cd37ea / 226 bytes / @ 467880
RagsSetup.msi.dropped.file rtf 8185653782b22d30db2e79da17079f12 / 100 bytes / @ 468106
RagsSetup.msi.dropped.file rtf 0845783b099ba95a3e2c4c864144827d / 2357 bytes / @ 468206
RagsSetup.msi.dropped.file rtf dbb47bc78e7aa1dc911995a30d5b96b9 / 91 bytes / @ 470563
RagsSetup.msi.dropped.file rtf fd25a604e01ef2a764d336d2ed0502e8 / 154 bytes / @ 470654
RagsSetup.msi.dropped.file rtf ffc567e558553b53ff3365bb048d90ba / 2636520 bytes / @ 470808
embedded.file setup.exe e0489e3e8cc9a3ef912f8ba76b1dcc81
setup.exe.78: string.This program cannot be run in DOS mode
setup.exe.321666: string.LoadLibraryA
setup.exe.320876: string.GetSystemMetrics
setup.exe.319240: string.GetProcAddress
setup.exe.319526: string.EnterCriticalSection
setup.exe.322570: string.GetEnvironmentVariableA
setup.exe.319258: string.CloseHandle
setup.exe.322638: string.CreateFileA
setup.exe.317984: string.RegOpenKeyExA
setup.exe.320396: string.KERNEL32
setup.exe.23655: string.ExitProcess
Yara:
artifact_Msxml
90ddeb54c1868ed02263d01bc1f45101 Forms5.docx 17465 32 X 0 0
embedded.file oleObject1.bin fda2fb699b1eb7cd1c814638b27240e9
oleObject1.bin.2775: exploit.office embedded Visual Basic execute shell command Wscript.Shell
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.2753: string.vbs WScript
oleObject1.bin.dropped.file vbs c0672554d27039f4f1e9fc2ed84ae801 / 38 bytes / @ 2583
oleObject1.bin.dropped.file vbs 4c5b3763b0d43b65fbfc22814b55a07c / 57 bytes / @ 2621
oleObject1.bin.dropped.file vbs 24487362735d736dc7c7c0805947ffee / 4490 bytes / @ 2678
af3aa76effb12f8a2e71424cb7aac39e d15a52fd7cb20961d88228f995d6cf461189b5eb629ad08f943007a76ab62e36 476718 54 X 0 0
embedded.file vbaProject.bin 043b5f6052cc48b6e4efaf8f7a2fe04e
vbaProject.bin.89787: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.425170: suspicious.office Visual Basic macro
vbaProject.bin.235558: string.user32.dll
vbaProject.bin.228357: string.shell32.dll
vbaProject.bin.348413: string.vbs On Error Resume Next
embedded.file activeX19.xml 2ab35ff7cacf18264e93fed0beb65966
activeX19.xml.56: suspicious.office activeX
Yara:
office_vb_dropper
fda2fb699b1eb7cd1c814638b27240e9 oleObject1.bin 7168 32 X 0 0
2775: exploit.office embedded Visual Basic execute shell command Wscript.Shell
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
2753: string.vbs WScript
dropped.file vbs c0672554d27039f4f1e9fc2ed84ae801 / 38 bytes / @ 2583
dropped.file vbs 4c5b3763b0d43b65fbfc22814b55a07c / 57 bytes / @ 2621
dropped.file vbs 24487362735d736dc7c7c0805947ffee / 4490 bytes / @ 2678
107ec5b523155a1fee9d9ba473d17c9b FreeCoins.zip 1098918 10 X 0 0
embedded.file FreeCoins v2.exe 1dd54fab8547d8e8fa406851df20033b
FreeCoins v2.exe.78: string.This program cannot be run in DOS mode
5697819d118ab8e013bbc17d1c3ac4dc 5697819d118ab8e013bbc17d1c3ac4dc 146944 72 X 0 0
97622: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
98206: exploit.office embedded Visual Basic execute shell command Wscript.Shell
104699: exploit.office embedded Visual Basic accessing file OpenTextFile
135890: suspicious.office Visual Basic macro
94912: string.vbs On Error Resume Next
dropped.file vbs 37c426d7d8ab90bed3f4bfb844494a5e / 19998 bytes / @ 101312
dropped.file vbs e79473710098e19a50fbd04991d45d3a / 25634 bytes / @ 121310
929eaabd729d1f0e60fc2c48bf40f0d2 vbaProject.bin 3681792 42 X 0 0
3372754: suspicious.office Visual Basic macro
260595: string.RegOpenKeyExA
260899: string.RegDeleteKeyA
3388421: string.shell32.dll
14476: string.vbs On Error Resume Next
5f16b0024eb6ddf9ee35ba6b831dde07 VisualBoyAdvance-1.2-SDL-Win32-fixed.zip 365796 120 X 0 0
embedded.file SDL.dll 348dbf2a3f2c877bb248e1e5f6d38996
SDL.dll.78: string.This program cannot be run in DOS mode
SDL.dll.183296: string.LoadLibraryA
SDL.dll.183344: string.GetModuleHandleA
SDL.dll.183756: string.GetSystemMetrics
SDL.dll.183262: string.GetProcAddress
SDL.dll.183194: string.CloseHandle
SDL.dll.183512: string.KERNEL32
SDL.dll.183546: string.GetMessageA
SDL.dll.183640: string.CreateWindowExA
embedded.file VisualBoyAdvance-SDL.exe 2f701c2223185394526f982bd03c1f86
VisualBoyAdvance-SDL.exe.78: string.This program cannot be run in DOS mode
VisualBoyAdvance-SDL.exe.720074: string.GetModuleHandleA
VisualBoyAdvance-SDL.exe.720092: string.KERNEL32
VisualBoyAdvance-SDL.exe.dropped.file elf 0c43831c78a0a9418fe79a6dc0f05d0c / 702683 bytes / @ 124709
Yara:
gh0st