Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 filename size severity has_exe key_len rol
a370cb6bbc6fbbf5447132f924641b5b view report 0eb79bc5b70e00c75527e218cea93252e07365f633005031377f2419f54e9788_sm.doc 503808 10 X 0 0
24654: string.This program cannot be run in DOS mode
dropped.file exe 466fb0d1728836a66abc747471addae3 / 479232 bytes / @ 24576
0b5ae35b77fc6aeac853a5615bf621ff view report 181c1b5eb807391e2dd782b75f939e0ddbb824669fdb3f2e75f06d37f24383b8_ni.doc 475136 40 X 0 0
24654: string.This program cannot be run in DOS mode
55340: string.RegOpenKeyExA
57764: string.shell32.dll
63084: string.ExitProcess
dropped.file exe 72d0ed06e4f1a784b279ca8e5f4d69ee / 450560 bytes / @ 24576
ef23ed0bdc274b52c179110502035189 view report c2f75f85db9b9db5647e79b97cd9339efddf12ecda85f6725d47bab7d322c5b3_bamidele.doc 258048 10 X 0 0
24654: string.This program cannot be run in DOS mode
dropped.file exe 3dc40f87a4f0207ac0b0f52ab2e43852 / 233472 bytes / @ 24576
6f07f7104add44b4ef8393e99ecda633 view report Statement.doc 166400 12 X 0 0
153814: suspicious.office Visual Basic macro
71255: string.CreateProcessA
772decbe7b1c8e5ac7bc32317d8afc06 view report b797b6b9dfa90893ffaf9020bea445c368977ba6ba16590869e7ed642c52afe7_Diagnostic_Report_Silent.doc 67584 12 X 0 0
14416: suspicious.office Packager ClassID used by CVE-2014-6352 C
16129: string.This program cannot be run in DOS mode
dropped.file exe 272e2f96abb1bf5e3a955925b6bf2178 / 51533 bytes / @ 16051
af704fce763712a79aa6711f28d54e0c view report c3a5db10dd21f0ecda514e3de104012c6e351b67b68ec20c70ea761a8c83b85e_Diagnostic_Report.doc 68096 12 X 0 0
14416: suspicious.office Packager ClassID used by CVE-2014-6352 C
16133: string.This program cannot be run in DOS mode
dropped.file exe 41a42ffbfbbcd217560fc5aec7a9e89d / 52041 bytes / @ 16055
c1ccc6ae18fbffc0a6c5fd79330c482a view report 9af4d0440160631b78b44adc7857557c6633b57ddb7e15e3a44c1eb0d11e9359_FinanceApproval.docx 1805020 73 X 0 0
embedded.file oleObject1.bin 955819cf04ee1b86868855bce3f35035
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.36029: string.This program cannot be run in DOS mode
oleObject1.bin.793379: string.GetModuleHandleA
oleObject1.bin.794267: string.GetSystemMetrics
oleObject1.bin.792525: string.GetProcAddress
oleObject1.bin.797865: string.EnterCriticalSection
oleObject1.bin.792499: string.CloseHandle
oleObject1.bin.793447: string.KERNEL32
oleObject1.bin.dropped.file exe 3cb059d8b96d46ae314d814d6e5c1b33 / 99188 bytes / @ 35951
oleObject1.bin.dropped.file rtf 790586b144a8b106d76c997e4e366edd / 91228 bytes / @ 135139
oleObject1.bin.dropped.file doc e34483e60ac784faa94244dcf101c91a / 12 bytes / @ 226367
oleObject1.bin.dropped.file rtf 0b6b0dffb97266c6a0aa64509e96bc47 / 4099509 bytes / @ 226379
embedded.file image2.emf f14a871d082359410f5fb573bcabdc14
Yara:
artifact_Msxml
0787bd548badf1b832b4495c2e4cc063 view report f8dfb7bb95c88e963e8b7b2718573d912074d3e6cb6185582c556199ac35a69f_jack_output956e00f.doc 430080 20 X 0 0
24654: string.This program cannot be run in DOS mode
385068: string.CloseHandle
dropped.file exe 2200e83f0bf6363b04d89b5b8e7c464a / 405504 bytes / @ 24576
1ecd1b6cc64a582a5f105ff4be00cd68 view report 3ddb72f4e4fda4e9063080404397d96876e89be2ef4ef178ceff504c55006dc7_nd.doc 475136 40 X 0 0
24654: string.This program cannot be run in DOS mode
54712: string.RegOpenKeyExA
57128: string.shell32.dll
62448: string.ExitProcess
dropped.file exe c3cf840baabf8b5a0c8e04c3d487805c / 450560 bytes / @ 24576
578979911078745a65ddd793f5d5c73c view report fa78d22ef1e45c4acc686b6786422974af808414710b317307c57f83b3c6f8d0_word_sample_20180809164507.doc 33792 72 X 0 0
29921: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
30132: exploit.office embedded Visual Basic execute shell command Wscript.Shell
23766: suspicious.office Visual Basic macro
10666: exploit.office VB Macro auto execute
30110: string.vbs WScript