EFB5D3FD0CA7FB5BA1A1E7E88B8492B0D43A4E121326B03B7851CDF1D0730EC7

General

Target

EFB5D3FD0CA7FB5BA1A1E7E88B8492B0D43A4E121326B03B7851CDF1D0730EC7
Size

1019KB
MD5

904198ed96ec4ce6d011c037a2713fe4
SHA1

f025a41592eace75cff3d67c1c090dfcdbe2fd9b
SHA256

efb5d3fd0ca7fb5ba1a1e7e88b8492b0d43a4e121326b03b7851cdf1d0730ec7
SHA512

47aed404192373e26cf89bd80f5182caf9d58fb28f5788f61b99de8224d9afe0e551315f7f4eac5eca0341e50834a6616d536d05af965243c441f153046d5d77
SSDEEP

24576:2Fe4LFRBXm6FeD5hqLbm61CeEVG06M1/DRXXXXXXXXXXXXUrXXXXXXXXXXXXXtXY:WFp+Y1kZ6Mv

Score

5^/10

macro

Document created with cracked Office version 1 IoCs

Office document contains Grizli777 string known to be caused by using a cracked version of the software.

Processes:

resource	yara_rule
sample	grizli777_cracked_office

EFB5D3FD0CA7FB5BA1A1E7E88B8492B0D43A4E121326B03B7851CDF1D0730EC7
.xls windows office2003