Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 | filename | size | severity | has_exe | key_len | rol
0767b337bf25bf0e7b02dd6011fbae97 | 0767b337bf25bf0e7b02dd6011fbae97 | 100864 | 72 | X | 0 | 0
53598: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
54182: exploit.office embedded Visual Basic execute shell command Wscript.Shell
60675: exploit.office embedded Visual Basic accessing file OpenTextFile
90322: suspicious.office Visual Basic macro
50376: string.vbs On Error Resume Next
dropped.file vbs ea0c27817cee62bf970c45c52ab2a0e6 / 19998 bytes / @ 57288
dropped.file vbs bdbeb86558e8a4b4e8896792bbe020ef / 23578 bytes / @ 77286
3ccaeef38235548c736435f01d1aec77 | oleObject1.bin | 664576 | 12 | X | 0 | 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
7940: string.This program cannot be run in DOS mode
dropped.file exe 02441511d9deac05a1ae00500f8e58ff / 656714 bytes / @ 7862
fdbd6bfbeaafc18b18af5cf017d20e46 | Du toan mai che.xlsm | 1923743 | 32 | X | 0 | 0
embedded.file vbaProject.bin 4b0ae7ed258865f6e49e77bc9416aab7
vbaProject.bin.495185: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.631540: suspicious.office Visual Basic macro
vbaProject.bin.494653: string.shell32.dll
vbaProject.bin.dropped.file vbs 0574d3bfb1d8731391e1b6bc6a3fb870 / 545466 bytes / @ 149830
403f486f01f1b358d262bd78c6b45d10 | vbaProject.bin | 1144320 | 22 | X | 0 | 0
917206: suspicious.office Visual Basic macro
947632: string.user32.dll
235423: string.vbs On Error Resume Next
a6fecf7a1ecdc7c857aaa20998875c8c | 4.DU TOAN CAY XANH.xls | 2782720 | 32 | X | 0 | 0
2583181: exploit.office embedded Visual Basic execute shell command Wscript.Shell
2717406: suspicious.office Visual Basic macro
2733306: string.shell32.dll
dropped.file vbs f5944f96e5fa8dcde87f55850554a648 / 460760 bytes / @ 2321960
afe1bd4dceba2afcba91edf5cfc48070 | oleObject1.bin | 1316352 | 72 | X | 0 | 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
12990: string.This program must be run under Win32
1311544: string.LoadLibraryA
1311558: string.GetProcAddress
1311506: string.user32.dll
1311494: string.shell32.dll
1311398: string.KERNEL32
1311618: string.ExitProcess
dropped.file exe 4b7ba3f242d65c781ab3575a26996479 / 1303442 bytes / @ 12910
a9e1d5127c187499cf34a41a4eb7b1d3 | b2c2c5265bcbd00d2b5e523044b7abd3513e3f0cba31464cd8370a24150b0789 | 936571 | 42 | X | 0 | 0
embedded.file vbaProject.bin df5c89e0c5620b0c317e1223b8604c08
vbaProject.bin.1215702: suspicious.office Visual Basic macro
vbaProject.bin.1452538: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs E
vbaProject.bin.1245586: string.user32.dll
vbaProject.bin.259810: string.vbs On Error Resume Next
7129697f7da595d988e1012701b40674 | 294686859.zip | 4437523 | 480 | X | 0 | 0
embedded.file Registrator.exe 5a04963f994cd712c2f5db4cc2686819
Registrator.exe.78: string.This program cannot be run in DOS mode
Registrator.exe.15630: string.LoadLibraryA
Registrator.exe.15646: string.GetModuleHandleA
Registrator.exe.15542: string.GetCommandLineA
Registrator.exe.15798: string.GetSystemMetrics
Registrator.exe.15612: string.GetProcAddress
Registrator.exe.15682: string.KERNEL32
embedded.file MSWINSCK.OCX 9484c04258830aa3c2f2a70eb041414c
MSWINSCK.OCX.78: string.This program cannot be run in DOS mode
MSWINSCK.OCX.67292: string.LoadLibraryA
MSWINSCK.OCX.67796: string.GetSystemMetrics
MSWINSCK.OCX.67326: string.GetProcAddress
MSWINSCK.OCX.67008: string.EnterCriticalSection
MSWINSCK.OCX.68516: string.RegOpenKeyExA
MSWINSCK.OCX.68532: string.RegDeleteKeyA
MSWINSCK.OCX.65964: string.KERNEL32
MSWINSCK.OCX.67606: string.CreateWindowExA
embedded.file secretsquallerSocKet.ocx b63e7a6878ee191efd467fa6c3464555
secretsquallerSocKet.ocx.78: string.This program cannot be run in DOS mode
secretsquallerSocKet.ocx.14136: string.GetModuleHandleA
secretsquallerSocKet.ocx.14212: string.GetProcAddress
secretsquallerSocKet.ocx.13604: string.CreateWindowExA
embedded.file AF2 faSt PaSSWoRd liSt MAkER.exe 6ffa31d3bfc4cad1c4f1b2d06b0da016
AF2 faSt PaSSWoRd liSt MAkER.exe.78: string.This program cannot be run in DOS mode
embedded.file comdlg32.ocx b73809a916e6d7c1ae56f182a2e8f7e2
comdlg32.ocx.78: string.This program cannot be run in DOS mode
comdlg32.ocx.69892: string.LoadLibraryA
comdlg32.ocx.70336: string.GetSystemMetrics
comdlg32.ocx.69874: string.GetProcAddress
comdlg32.ocx.69642: string.EnterCriticalSection
comdlg32.ocx.71448: string.RegOpenKeyExA
comdlg32.ocx.71464: string.RegDeleteKeyA
comdlg32.ocx.68704: string.KERNEL32
comdlg32.ocx.70700: string.CreateWindowExA
embedded.file MSCOMCTL.OCX d7eef2c46a9880f21be01511024b53ab
MSCOMCTL.OCX.7872: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs E
MSCOMCTL.OCX.78: string.This program cannot be run in DOS mode
MSCOMCTL.OCX.687764: string.LoadLibraryA
MSCOMCTL.OCX.687944: string.GetModuleHandleA
MSCOMCTL.OCX.688098: string.GetCommandLineA
MSCOMCTL.OCX.689004: string.GetSystemMetrics
MSCOMCTL.OCX.687798: string.GetProcAddress
MSCOMCTL.OCX.687358: string.EnterCriticalSection
MSCOMCTL.OCX.687982: string.CloseHandle
MSCOMCTL.OCX.688052: string.CreateFileA
MSCOMCTL.OCX.692174: string.RegOpenKeyExA
MSCOMCTL.OCX.692190: string.RegDeleteKeyA
MSCOMCTL.OCX.41672: string.user32.dll
MSCOMCTL.OCX.688946: string.KERNEL32
MSCOMCTL.OCX.688128: string.ExitProcess
MSCOMCTL.OCX.691100: string.GetMessageA
MSCOMCTL.OCX.689676: string.CreateWindowExA
c2133b8ccb467ed14f1485045f53db9f | PUTTYTEST.doc | 1002853 | 210 | X | 4 | 0
embedded.file datastore-0 f4e188c11e64c071ac0272ecac5a2517
datastore-0.embedded.file header1.xml 7fa30902ef84e2531b0deba65c5ab259
datastore-0.header1.xml.192446: exploit.office SmartTag element parsing CVE-2015-1641
datastore-0.header1.xml.192753: exploit.office SmartTag element parsing CVE-2015-1641
962543: string.LoadLibraryA
961815: string.GetModuleHandleA
961459: string.GetCommandLineA
232830: string.GetSystemMetrics
961911: string.GetProcAddress
961167: string.CreateProcessA
961239: string.EnterCriticalSection
961681: string.GetEnvironmentVariableA
960999: string.CloseHandle
961067: string.CreateFileA
960815: string.RegDeleteKeyA
234976: string.user32.dll
243664: string.shell32.dll
963414: string.KERNEL32
256994: string.ExitProcess
959227: string.GetMessageA
958671: string.CreateWindowExA
dropped.file rtf 9165e9b15fc0734fe8dccbed5206505b / 768581 bytes / @ 234272
c41a84ef416074aa2ddd9e543d43a799 | 8a49853f027d6237f2d7cf6db2aa5715bf7b5dd2eea370b081ac4e9dcc70094c | 816407 | 22 | X | 0 | 0
embedded.file vbaProject.bin 403f486f01f1b358d262bd78c6b45d10
vbaProject.bin.917206: suspicious.office Visual Basic macro
vbaProject.bin.947632: string.user32.dll
vbaProject.bin.235423: string.vbs On Error Resume Next
f73e7e9934036e8c989e756dba1a0822 | 824c13009a937250e46b086a18d8dbade7b69991b28fbeca213a62e850491c79 | 590306 | 52 | X | 0 | 0
embedded.file vbaProject.bin 7c34c09b5440b2e464c43e612872e3bc
vbaProject.bin.1327469: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.1517844: suspicious.office Visual Basic macro
vbaProject.bin.442967: string.LoadLibraryA
vbaProject.bin.347834: string.vbs impersonationLevel
vbaProject.bin.298195: string.vbs On Error Resume Next
b594c3ae807da52e86526cdb650dade8 | /1/0/3/03c343afc7225e350b1753cd00da60dc47f469ecefb9420db39019c8aa9564f0.file | 1120071 | 32 | X | 0 | 0
embedded.file vbaProject.bin 068df8d6fda4198ac96c1745ca1a7955
vbaProject.bin.467537: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.600308: suspicious.office Visual Basic macro
vbaProject.bin.467005: string.shell32.dll
245155e24731e1dacc14400b0f7a0a05 | oleObject1.bin | 45056 | 102 | X | 0 | 0
1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
39222: string.GetModuleHandleA
39280: string.GetCommandLineA
39042: string.EnterCriticalSection
39474: string.CloseHandle
39460: string.CreateFileA
39652: string.RegOpenKeyExA
39486: string.user32.dll
39446: string.ExitProcess
40174: string.GetMessageA
40226: string.CreateWindowExA
65623b89d1a041f61d8b7d8025b2d48d | 8d0aec7173a9ba19f69b2a28b5c9c61e747da346107fe9bb91fd341a069f4216 | 1045940 | 102 | X | 0 | 0
985168: suspicious.office Packager ClassID used by CVE-2014-6352 C
1023286: string.GetModuleHandleA
1023344: string.GetCommandLineA
1023106: string.EnterCriticalSection
1023538: string.CloseHandle
1023524: string.CreateFileA
1023716: string.RegOpenKeyExA
1023550: string.user32.dll
1023510: string.ExitProcess
1024238: string.GetMessageA
1024290: string.CreateWindowExA
fd05e14f115e0addfda105ba7db3593e | /1/4/4/448616b842aabfa7ef4d819b61092b8a2ca81cfee9207d55314fab205b902e74.file | 1287213 | 13 | X | 0 | 0
embedded.file vbaProject.bin 7cf14da9253508a81b59ec184e27dbdb
vbaProject.bin.83158: suspicious.office Visual Basic macro
vbaProject.bin.55121: string.vbs On Error Resume Next
embedded.file vmlDrawing6.vml 1c3aa4a8e70f3bb19d95c2f4df025d26
Yara:
office_vb_dropper