Cryptam // document analysis


Sample Details

original filename: 0bd34c5850f4b228b2cc33b96b23ec757f07799b1b1d5f3dd68f3388603dc45c_gtyipru.doc

size: 724992 bytes
submitted: 2018-11-29 01:07:57
md5: c051895078d8f3930c638341873644ac
sha1: 0238aa56f3ada196f4d1e6b50996dec0bfd350ac
sha256: 0bd34c5850f4b228b2cc33b96b23ec757f07799b1b1d5f3dd68f3388603dc45c
ssdeep: 12288:3EE1+SggN8zhjx1U9H6mmRQo2Zwb4aj2G4mS3Wn2hR3:3E8/g5zhsBI6naKG4mS3k2X
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 3.79 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
463528: string.LoadLibraryA
462652: string.GetModuleHandleA
462712: string.GetCommandLineA
170092: string.GetSystemMetrics
462634: string.GetProcAddress
462304: string.EnterCriticalSection
464412: string.CloseHandle
464364: string.CreateFileA
462978: string.RegOpenKeyExA
462872: string.user32.dll
462774: string.ExitProcess
465692: string.CreateWindowExA
dropped.file exe 33d7d8dc6cd78a88edf4cdb8dd979b57 / 700416 bytes / @ 24576


Dropped Files

exe at 24576
md5: 33d7d8dc6cd78a88edf4cdb8dd979b57
sha1: 0a75df7b4bce2eb86e17c2a9a68076e35662f0ae
sha256: 73c03f51b1e5b566994a73c10d60426f8b27c78235ee4ce69f43a2d5c85241f0