Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5filenamesizeseverityhas_exekey_lenrol
bf3f93200aa18ebf8a2988fa0209da42 view report KoinoHost.zip 329586 180 X 0 0
embedded.file KoinoHost.exe cbe7368f86682a394b0a26b43a24fc8c
KoinoHost.exe.78: string.This program cannot be run in DOS mode
KoinoHost.exe.649026: string.LoadLibraryA
KoinoHost.exe.653530: string.GetModuleHandleA
KoinoHost.exe.653568: string.GetCommandLineA
KoinoHost.exe.650734: string.GetSystemMetrics
KoinoHost.exe.649008: string.GetProcAddress
KoinoHost.exe.649250: string.CreateProcessA
KoinoHost.exe.648716: string.URLDownloadToFileA
KoinoHost.exe.649588: string.EnterCriticalSection
KoinoHost.exe.653722: string.GetEnvironmentVariableA
KoinoHost.exe.648924: string.CloseHandle
KoinoHost.exe.649112: string.CreateFileA
KoinoHost.exe.652784: string.RegOpenKeyExA
KoinoHost.exe.684648: string.user32.dll
KoinoHost.exe.609764: string.KERNEL32
KoinoHost.exe.653494: string.ExitProcess
KoinoHost.exe.651946: string.GetMessageA
KoinoHost.exe.650262: string.CreateWindowExA
Yara:
gh0st
db7a5e16d502ab8e28b48e492a767059 view report 1.2_Yard pipe work_T.xlsm 1132047 32 X 0 0
embedded.file vbaProject.bin 89124cf4eae0c0c1dd609323e406335a
vbaProject.bin.423032: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.547610: suspicious.office Visual Basic macro
vbaProject.bin.563483: string.shell32.dll
vbaProject.bin.dropped.file vbs 86fcde05c9c25737b71baaafb6b6e07c / 492377 bytes / @ 115367
c0d39f33f855128a32aa5f8bfc0e8c4d view report ziraat Bankasi Swift Mesaji.doc 1302968 12 X 0 0
embedded.file oleObject1.bin 91cf94ad480b0e49f25cea28947adb28
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.15024: string.This program cannot be run in DOS mode
oleObject1.bin.dropped.file exe 0baac9292dddec7209800b2d3e4baf7d / 1565086 bytes / @ 14946
6483e827d11bb55caee0c5f514879e6f view report SAMPLE.doc 43008 12 X 0 0
37590: suspicious.office Visual Basic macro
23651: string.CreateProcessA
ccc0b42d668ac4d9149c5b8cb4a7002f view report bf48b352a19d3731d31dcbe1d981358264d2995c5a69d5c30d1feb881c526fb6 42496 12 X 0 0
37590: suspicious.office Visual Basic macro
23651: string.CreateProcessA
c784ce154b62c0fd0ac8fe86054004a5 view report oleObject1.bin 6144 32 X 0 0
4308: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
4294: string.vbs CreateObject
dropped.file vbs 0c2ff17cdf096ce5f00093b4e3e15bd0 / 30 bytes / @ 2124
dropped.file vbs f0828d00c73f9e2e150d55a70c7c9a07 / 44 bytes / @ 2154
dropped.file vbs c117f4e04c48ecffbc50510f9a9e5f49 / 3946 bytes / @ 2198
c5eb1c26165894477b788b4d9a42c0c2 view report m4a-to-mp3.zip 6571558 150 X 0 0
embedded.file m4a-to-mp3.exe 294ace1b77bffd7b937ed119fa43dccc
m4a-to-mp3.exe.80: string.This program must be run under Win32
m4a-to-mp3.exe.40994: string.LoadLibraryA
m4a-to-mp3.exe.40264: string.GetModuleHandleA
m4a-to-mp3.exe.40300: string.GetCommandLineA
m4a-to-mp3.exe.41132: string.GetProcAddress
m4a-to-mp3.exe.41448: string.CreateProcessA
m4a-to-mp3.exe.40084: string.EnterCriticalSection
m4a-to-mp3.exe.41304: string.GetEnvironmentVariableA
m4a-to-mp3.exe.40494: string.CloseHandle
m4a-to-mp3.exe.40480: string.CreateFileA
m4a-to-mp3.exe.40674: string.RegOpenKeyExA
m4a-to-mp3.exe.40506: string.user32.dll
m4a-to-mp3.exe.33788: string.shell32.dll
m4a-to-mp3.exe.40466: string.ExitProcess
m4a-to-mp3.exe.41688: string.CreateWindowExA
e723a6e762833666b68acadb9b9b5f28 view report vbaProject.bin 2744832 12 X 0 0
2232090: suspicious.office Visual Basic macro
2098511: string.vbs On Error Resume Next
fc07f69a3db2fc100eb4a08771f509d6 view report hentaiwar.zip 328129 60 X 0 0
embedded.file cheat.dll fe5a25d8bfeb0754f80dc63c21bd1f90
cheat.dll.78: string.This program cannot be run in DOS mode
cheat.dll.1177894: string.GetModuleHandleA
cheat.dll.1178102: string.GetProcAddress
cheat.dll.1181122: string.EnterCriticalSection
cheat.dll.1181108: string.CloseHandle
cheat.dll.1178180: string.KERNEL32
078eeaa2800f98e7e194958e9d99273e view report Pro_Forma_Invoice.doc 190464 12 X 0 0
185622: suspicious.office Visual Basic macro
171619: string.CreateProcessA
df3469e95ba605f20e5e4ed1e271d8e7 view report file_to_send 3183522 150 X 0 0
embedded.file KMSpico_setup.exe bd8cb75cd1d80a311d72db68b7bde770
KMSpico_setup.exe.80: string.This program must be run under Win32
KMSpico_setup.exe.44066: string.LoadLibraryA
KMSpico_setup.exe.43336: string.GetModuleHandleA
KMSpico_setup.exe.43372: string.GetCommandLineA
KMSpico_setup.exe.44204: string.GetProcAddress
KMSpico_setup.exe.44520: string.CreateProcessA
KMSpico_setup.exe.43156: string.EnterCriticalSection
KMSpico_setup.exe.44376: string.GetEnvironmentVariableA
KMSpico_setup.exe.43566: string.CloseHandle
KMSpico_setup.exe.43552: string.CreateFileA
KMSpico_setup.exe.43746: string.RegOpenKeyExA
KMSpico_setup.exe.43578: string.user32.dll
KMSpico_setup.exe.34212: string.shell32.dll
KMSpico_setup.exe.43538: string.ExitProcess
KMSpico_setup.exe.44760: string.CreateWindowExA
22a9047275b77824ebd134dcbeb324c3 view report 22.Tuy?n J phn ph?i (XD).xlsm 1306835 32 X 0 0
embedded.file vbaProject.bin 81fc5090081fe12a5d201a5b6d8c992f
vbaProject.bin.456273: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.582900: suspicious.office Visual Basic macro
vbaProject.bin.455741: string.shell32.dll
vbaProject.bin.dropped.file vbs a4989ec3c264795a4e934b2c2e84ba28 / 522938 bytes / @ 122182
877b9e32bd09b1a2dbd3e0e4844425bd view report 24.Tuy?n K phn ph?i (XD).xlsm 1292491 32 X 0 0
embedded.file vbaProject.bin 4fdeba36e10ee5d6d3929d2196b66890
vbaProject.bin.456273: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.582900: suspicious.office Visual Basic macro
vbaProject.bin.455741: string.shell32.dll
vbaProject.bin.dropped.file vbs cd913c8c208843512dce5ca1b258eaed / 522938 bytes / @ 122182
5b53fc23c5851ccb0e85348aa05e7f76 view report 20.Tuy?n I phn ph?i (XD).xlsm 1297071 32 X 0 0
embedded.file vbaProject.bin 6554ffbac99c4b7f6362c052e5365cfd
vbaProject.bin.456273: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.582900: suspicious.office Visual Basic macro
vbaProject.bin.455741: string.shell32.dll
vbaProject.bin.dropped.file vbs 50ae4b331b578b87789614b662824c7a / 522938 bytes / @ 122182
f04ddbf853c513a95a9e285663f54648 view report Copy of Create Batch Header-1.xlsm 517926 42 X 0 0
embedded.file vbaProject.bin b426c7721de201ebe75d715ef9af5b59
vbaProject.bin.180667: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.697566: suspicious.office Visual Basic macro
vbaProject.bin.155987: string.shell32.dll
vbaProject.bin.181455: string.vbs On Error Resume Next