Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5filenamesizeseverityhas_exekey_lenrol
663cce83f0b0786018963c4453014cd4 view report Your_Order_Info_901049.xls 94720 12 X 0 0
82134: suspicious.office Visual Basic macro
66751: string.CreateProcessA
663cce83f0b0786018963c4453014cd4 view report Your_Order_Info_901049.xls 94720 12 X 0 0
82134: suspicious.office Visual Basic macro
66751: string.CreateProcessA
4aa84fb242abbba1a9dd2b8976cab2ce view report Invoice-CEO.docx 531968 32 X 0 0
520052: suspicious.office Visual Basic macro
500068: exploit.office VB Macro auto execute
521303: string.URLDownloadToFileA
f38c13c32a66eb461bb2ed07b3a911b2 view report a04e3b8df0378efbddcdc643f144a4a3e2a8f634a2abeae2f64a398e3380eb00_DridexDDEDropperdoc.docx 24452 12 X 0 0
embedded.file vbaProject.bin 83df9fd104d95730a0a2a7ed6c3336b3
vbaProject.bin.15454: suspicious.office Visual Basic macro
vbaProject.bin.3907: string.URLDownloadToFileA
d77496b94070e3196d72888e0dbbcf6e view report Samp(7).docx 310389 54 X 0 0
embedded.file oleObject1.bin bbde3d6a13021276aa62d3f93876aa41
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.8875: string.This program cannot be run in DOS mode
oleObject1.bin.69091: string.GetModuleHandleA
oleObject1.bin.69051: string.GetCommandLineA
oleObject1.bin.69169: string.KERNEL32
oleObject1.bin.dropped.file exe ca236a7fa586baab7be0cec3d86d5ebc / 70051 bytes / @ 8797
embedded.file vbaProject.bin d166950a50e55ccdd873a5be297602c4
vbaProject.bin.29398: suspicious.office Visual Basic macro
vbaProject.bin.19571: string.vbs impersonationLevel
a368a2619a4870c9ab3f26e07184d445 view report Samp(5).docx 298843 154 X 0 0
embedded.file oleObject1.bin 89d9e05f60d97e9831bc1d2881a916eb
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.8865: string.This program cannot be run in DOS mode
oleObject1.bin.57691: string.LoadLibraryA
oleObject1.bin.57789: string.GetModuleHandleA
oleObject1.bin.56765: string.GetCommandLineA
oleObject1.bin.57673: string.GetProcAddress
oleObject1.bin.57461: string.CreateProcessA
oleObject1.bin.57003: string.EnterCriticalSection
oleObject1.bin.56697: string.CloseHandle
oleObject1.bin.57243: string.CreateFileA
oleObject1.bin.56323: string.RegOpenKeyExA
oleObject1.bin.56375: string.RegDeleteKeyA
oleObject1.bin.57825: string.KERNEL32
oleObject1.bin.dropped.file exe 9b88bc8fb6d84c582c7f81e1aab79cc5 / 76205 bytes / @ 8787
embedded.file vbaProject.bin 8d309eba647c7bb23368ccd7168d5808
vbaProject.bin.18133: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.34518: suspicious.office Visual Basic macro
vbaProject.bin.15223: string.vbs impersonationLevel
06138c9944127a3f38fe1145bf6b72ca view report Samp(3).docx 306896 154 X 0 0
embedded.file oleObject1.bin b214ecfa81c8a22c3ef663f9776327b6
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.8865: string.This program cannot be run in DOS mode
oleObject1.bin.67387: string.LoadLibraryA
oleObject1.bin.67485: string.GetModuleHandleA
oleObject1.bin.66469: string.GetCommandLineA
oleObject1.bin.67369: string.GetProcAddress
oleObject1.bin.67157: string.CreateProcessA
oleObject1.bin.66689: string.EnterCriticalSection
oleObject1.bin.66411: string.CloseHandle
oleObject1.bin.66939: string.CreateFileA
oleObject1.bin.66019: string.RegOpenKeyExA
oleObject1.bin.66071: string.RegDeleteKeyA
oleObject1.bin.67521: string.KERNEL32
oleObject1.bin.dropped.file exe c9909bf6dda632116a5c174945e8fdcc / 65965 bytes / @ 8787
embedded.file vbaProject.bin 118f916e0c5f5e45402091e1ad348a18
vbaProject.bin.12491: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.28886: suspicious.office Visual Basic macro
vbaProject.bin.12179: string.vbs impersonationLevel
1a5fc80bed93ae809a2a9a3968f39bce view report Samp(2).docx 324580 134 X 0 0
embedded.file oleObject1.bin 2aa55da7e8b4f0a27ccefc94b200126b
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.3247: string.This program cannot be run in DOS mode
oleObject1.bin.52483: string.LoadLibraryA
oleObject1.bin.52045: string.GetModuleHandleA
oleObject1.bin.52207: string.GetCommandLineA
oleObject1.bin.52065: string.GetProcAddress
oleObject1.bin.51871: string.EnterCriticalSection
oleObject1.bin.51771: string.CloseHandle
oleObject1.bin.51815: string.CreateFileA
oleObject1.bin.51721: string.RegOpenKeyExA
oleObject1.bin.52775: string.KERNEL32
oleObject1.bin.dropped.file exe e202efeb138de48c55046d32fafbb315 / 77215 bytes / @ 3169
embedded.file vbaProject.bin c66ce299f067fef7522a96ed952db915
vbaProject.bin.18439: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.35030: suspicious.office Visual Basic macro
vbaProject.bin.7695: string.vbs impersonationLevel
f38c13c32a66eb461bb2ed07b3a911b2 view report a04e3b8df0378efbddcdc643f144a4a3e2a8f634a2abeae2f64a398e3380eb00_DridexDDEDropperdoc.docx 24452 12 X 0 0
embedded.file vbaProject.bin 83df9fd104d95730a0a2a7ed6c3336b3
vbaProject.bin.15454: suspicious.office Visual Basic macro
vbaProject.bin.3907: string.URLDownloadToFileA
cc1404109cd9638b5d2f6358a668d9d3 view report 369f9ecabbd6de3b8dfff6f2c4664db7458d257d934b9329a15f58394a610a1e_non.doc 671744 130 X 0 0
24656: string.This program must be run under Win32
482406: string.LoadLibraryA
481572: string.GetModuleHandleA
481632: string.GetCommandLineA
170616: string.GetSystemMetrics
481554: string.GetProcAddress
481224: string.EnterCriticalSection
483304: string.CloseHandle
483256: string.CreateFileA
481898: string.RegOpenKeyExA
481792: string.user32.dll
481694: string.ExitProcess
484618: string.CreateWindowExA
dropped.file exe 03f1c535eeb5923ab0e9a5d77c9064ce / 647168 bytes / @ 24576
96ce7328e5a1140767125a7050872c9a view report 18a0934ae92da2e50ae3b5948a1da10023b801b5d17860a42e521346f83eec3e_participation-discussionrubric.doc 61440 10 X 1 0
50613: xor_0xfd.not.string.vbs On Error Resume Next
cc1404109cd9638b5d2f6358a668d9d3 view report 369f9ecabbd6de3b8dfff6f2c4664db7458d257d934b9329a15f58394a610a1e_non.doc 671744 130 X 0 0
24656: string.This program must be run under Win32
482406: string.LoadLibraryA
481572: string.GetModuleHandleA
481632: string.GetCommandLineA
170616: string.GetSystemMetrics
481554: string.GetProcAddress
481224: string.EnterCriticalSection
483304: string.CloseHandle
483256: string.CreateFileA
481898: string.RegOpenKeyExA
481792: string.user32.dll
481694: string.ExitProcess
484618: string.CreateWindowExA
dropped.file exe 03f1c535eeb5923ab0e9a5d77c9064ce / 647168 bytes / @ 24576
96ce7328e5a1140767125a7050872c9a view report 18a0934ae92da2e50ae3b5948a1da10023b801b5d17860a42e521346f83eec3e_participation-discussionrubric.doc 61440 10 X 1 0
50613: xor_0xfd.not.string.vbs On Error Resume Next
3ad2d59f3fc407aba982b3a34114900e view report 58fe43655ce6b80528665a0be099ca3e23963d8ca9e3efc6aa976ef2ebc1e879_inv.doc 724992 140 X 0 0
24656: string.This program must be run under Win32
542880: string.LoadLibraryA
541992: string.GetModuleHandleA
542052: string.GetCommandLineA
174204: string.GetSystemMetrics
541974: string.GetProcAddress
541644: string.EnterCriticalSection
543808: string.CloseHandle
543760: string.CreateFileA
542318: string.RegOpenKeyExA
542212: string.user32.dll
253188: string.shell32.dll
542114: string.ExitProcess
545116: string.CreateWindowExA
dropped.file exe f63685bb544617a9fab3865a70e7ce26 / 700416 bytes / @ 24576
e7a135f1c036a4ca9f1a8ba17a5e5e06 view report 28c0ed6804e0d95f7ab8b2395bfa7d39277db73497d53a8f585b509983860bf8_baz.doc 626688 130 X 0 0
24656: string.This program must be run under Win32
444422: string.LoadLibraryA
443588: string.GetModuleHandleA
443648: string.GetCommandLineA
160896: string.GetSystemMetrics
443570: string.GetProcAddress
443240: string.EnterCriticalSection
445218: string.CloseHandle
445170: string.CreateFileA
443914: string.RegOpenKeyExA
443808: string.user32.dll
443710: string.ExitProcess
446344: string.CreateWindowExA
dropped.file exe a45c587b8519cb6523330d6880c26d41 / 602112 bytes / @ 24576