Cryptam // document analysis


Sample Details

original filename: 08e779aebdfa8279e66180d7e90b0a3a352a46636655182af38c07285954d4f5_o.doc

size: 483328 bytes
submitted: 2018-08-04 12:49:23
md5: ac8fb86ada54ac1781a769342d9b2de4
sha1: b7b1e5c75f52f8707346772b26f589134ce5e769
sha256: 08e779aebdfa8279e66180d7e90b0a3a352a46636655182af38c07285954d4f5
ssdeep: 6144:5EoF5ZVd1kH0AJWzKrAGBhbYc8RXTmqaRXOl96RwB70bn8CoN:5EMFlzKrHhACPXOYw0b
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.19 s
result: malware [30]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
63952: string.CloseHandle
63692: string.CreateFileA
dropped.file exe 37d776c77a5b68241dc02f518045eb72 / 458752 bytes / @ 24576


Dropped Files

exe at 24576
md5: 37d776c77a5b68241dc02f518045eb72
sha1: a8a137bb146e1f1fb2681b0ce64e56364039dbfa
sha256: 523326597c084d9d36b4d7ea59a9d0b6ce6fb4384ef5bbd56eb4f050b6653b40