Malware Tracker [static + dynamic analysis]

Cryptam


Recent document malware detections. This list is delayed by 5 days.

MD5 filename size severity has_exe key_len rol
aa6d0a82e8e8706971731d7a35298f48 Copia de Formato_Solicitud_Cuentas_de_Usuario.xlsm 1902490 18 X 0 0
embedded.file activeX1.xml f206cb1410db3b11e9ffbb3d3025eef2
activeX1.xml.56: suspicious.office activeX
embedded.file activeX9.xml dbd1871942a02ba0b33767f96360b35d
activeX9.xml.56: suspicious.office activeX
embedded.file sharedStrings.xml 20626b8cad9d1943fa9a7a6734d174fa
sharedStrings.xml.125726: suspicious.office DDE Excel execution
embedded.file vbaProject.bin 9f24c2676b11d0d487b0e121e3acbd53
vbaProject.bin.230102: suspicious.office Visual Basic macro
vbaProject.bin.157111: string.vbs On Error Resume Next
2b36c2a000ff2c43b30748b0f1fa088a 2012_0158_malicious_document 126583 250 X 1 0
embedded.file datastore-8 9aecf72bff1fca76784c83603e87a554
datastore-8.12: exploit.office CVE-2012-0158 F
datastore-8.2313: exploit.office OLE MSCOMCTL.OCX RCE CVE-2012-0158 H
datastore-8.1155: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs E
158: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 B
4527: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 D
4493: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs C
2477: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs D
26822: string.This program cannot be run in DOS mode
49442: string.LoadLibraryA
48790: string.GetModuleHandleA
49000: string.GetCommandLineA
49424: string.GetProcAddress
49032: string.GetEnvironmentVariableA
48630: string.CloseHandle
48700: string.CreateFileA
48300: string.user32.dll
48926: string.KERNEL32
48776: string.ExitProcess
dropped.file doc 0d6d94001483c7bc7650ab2a3e98427a / 16384 bytes / @ 10360
dropped.file exe 20c764dfa4363c6941d8f30cff20c86b / 99839 bytes / @ 26744
683cfe497f8a64a4b97d3d5e01dab0ae IMG_101290_100121_010210_001010_012100.IMG 1245184 10 X 0 0
919630: string.This program cannot be run in DOS mode
dropped.file exe 74e1826296b1db1c751c44f99b7d823c / 325632 bytes / @ 919552
6834955c1fe81e1e94add75cb26ea121 macro2.doc 64000 12 X 0 0
57048: suspicious.office Visual Basic macro
38506: string.vbs On Error Resume Next
6834955c1fe81e1e94add75cb26ea121 GenPunctuationHelp.doc 64000 12 X 0 0
57048: suspicious.office Visual Basic macro
38506: string.vbs On Error Resume Next
458d5a87334e9e827654a36da1a8a30e 1234.doc 157696 40 X 1 0
98894: xor_0x88.string.This program cannot be run in DOS mode
155315: xor_0x88.string.LoadLibraryA
155331: xor_0x88.string.GetProcAddress
156218: xor_0x88.string.user32.dll
dropped.file exe 59e218ed791dcc9e5848640d1e5e2857 / 58880 bytes / @ 98816
6834955c1fe81e1e94add75cb26ea121 GenPunctuationHelp.doc 64000 12 X 0 0
57048: suspicious.office Visual Basic macro
38506: string.vbs On Error Resume Next
7dee4fe8fbae1cfcbadd2d358c703c59 HTTPMacro.doc 41984 52 X 0 0
33343: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
33311: exploit.office embedded Visual Basic execute shell command Wscript.Shell
37138: suspicious.office Visual Basic macro
33279: string.vbs On Error Resume Next
735d599cf5298f75799f14fd61af6de3 Payment-advice.doc 49100 12 X 0 0
embedded.file vbaProject.bin 2363166fbe40b2a33f895f733eb2e8f7
vbaProject.bin.30038: suspicious.office Visual Basic macro
vbaProject.bin.22078: string.vbs impersonationLevel
03d7efadbaec03535b624fff2f17c4b0 zytl.txt 114128 50 X 0 0
113748: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
114071: exploit.office embedded Visual Basic execute shell command Wscript.Shell
113734: string.vbs CreateObject
5dad7c93e7a5cf78c79f3874d7e3f8e4 SS AIR_Q52236.iso 616448 130 X 0 0
61520: string.This program must be run under Win32
433690: string.LoadLibraryA
432856: string.GetModuleHandleA
432916: string.GetCommandLineA
197792: string.GetSystemMetrics
432838: string.GetProcAddress
432508: string.EnterCriticalSection
434492: string.CloseHandle
434444: string.CreateFileA
433182: string.RegOpenKeyExA
433076: string.user32.dll
432978: string.ExitProcess
435588: string.CreateWindowExA
dropped.file exe 1cf321753a22c5e62c23872d84c75325 / 555008 bytes / @ 61440
aaacfa9d76649f54634c1db490f2cefd traveldoc1.xlsx 145826 50 X 0 0
50400: string.This program cannot be run in DOS mode
72608: string.LoadLibraryA
72622: string.GetProcAddress
72538: string.KERNEL32
72654: string.ExitProcess
dropped.file exe cf9146135a65d85a04b1c11475abbbf3 / 95504 bytes / @ 50322
d801b454160510cb30428cd7e0695243 cd2b2efbc13c888f2a350b4a131f5269a5a3f0355c6dcd5afd7bfc53c54721f9_190215090638307538.xls 98816 72 X 0 0
50964: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
51548: exploit.office embedded Visual Basic execute shell command Wscript.Shell
58041: exploit.office embedded Visual Basic accessing file OpenTextFile
88786: suspicious.office Visual Basic macro
47742: string.vbs On Error Resume Next
dropped.file vbs 7bd0a0d83a77f46d829313e5e65f2320 / 19998 bytes / @ 54654
dropped.file vbs 42f90c1745cb516305fac7db5677a2d4 / 24164 bytes / @ 74652
3442810627de4be4facbe7a1c42e0999 bab66dc3591310fca8e61e74bc8fc9bf547eff945c5f6b78b821e750b40a0955_190215090512886464.xls 87552 72 X 0 0
41355: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
41939: exploit.office embedded Visual Basic execute shell command Wscript.Shell
48432: exploit.office embedded Visual Basic accessing file OpenTextFile
77522: suspicious.office Visual Basic macro
38645: string.vbs On Error Resume Next
dropped.file vbs d66b163523f72ade81dc12bcc3b6150a / 20510 bytes / @ 45045
dropped.file vbs 10affb80e62792aeed3d8901a7bc0704 / 21997 bytes / @ 65555
5ca19b7f91f0013cf9cfd917763bb75a c4f1dff918450eb4de05c791b87bf12220c49c74d0cc02de940e155ebe07f0c4_190215090529682644.xls 89088 72 X 0 0
42891: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
43475: exploit.office embedded Visual Basic execute shell command Wscript.Shell
49968: exploit.office embedded Visual Basic accessing file OpenTextFile
79058: suspicious.office Visual Basic macro
40181: string.vbs On Error Resume Next
dropped.file vbs b5cb91f1f44feb1736e03fd9bc35e0e5 / 20510 bytes / @ 46581
dropped.file vbs 8a7c5ca0924d7959e3e4a6ed837219e0 / 21997 bytes / @ 67091