Cryptam // document analysis


Sample Details

original filename: 0501440e1f2fde59301ba6e5aa1bebb3ee0dfc105befdfdcdb5496402a162b37_p.doc

size: 483328 bytes
submitted: 2018-08-04 12:50:01
md5: 8d862b58dad3f150518721f5dec57e35
sha1: ac5197836daffe8e30a4c1432ef8d922ba284f24
sha256: 0501440e1f2fde59301ba6e5aa1bebb3ee0dfc105befdfdcdb5496402a162b37
ssdeep: 6144:MEkwiqnOvegUzHj0no1cMdcF7X6CKXcH6TyN1pvndxFQSCvCZz3As/WoZWVAkzU8:MESrUHWMGi28ypvd39jAeA
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.42 s
result: malware [30]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
63828: string.CloseHandle
63600: string.CreateFileA
dropped.file exe 49bc07cc10ab9c74dfdc5a559bbca66c / 458752 bytes / @ 24576


Dropped Files

exe at 24576
md5: 49bc07cc10ab9c74dfdc5a559bbca66c
sha1: d5ab2dde72736eb6a6b55ac5b90c8d12d80ee2c9
sha256: 892d480a3c065616d2dde67eb92ae01c05f662006ec256f15b996cad0f517765