Cryptam // document analysis


Sample Details

original filename: 0eefb9ae9e4e0c9584447c866f7e60948a3b3ace1d0d239a89cdceb9b3d31d55_.doc

size: 479232 bytes
submitted: 2019-02-04 20:33:27
md5: 7b943fc5a59af4e985408a76a0c8a462
sha1: a91694dc34df29aad0a90336bb4bdb376e6e989f
sha256: 0eefb9ae9e4e0c9584447c866f7e60948a3b3ace1d0d239a89cdceb9b3d31d55
ssdeep: 12288:8EfYkEUO2cvs/T97jzfOHM7CIMmju+ioYcW8:8EfYiO2xTZjiaCIMmjuZotW
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 3.06 s
result: malware [130]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
52778: string.GetModuleHandleA
53256: string.GetCommandLineA
54536: string.GetSystemMetrics
53560: string.GetProcAddress
53430: string.CreateProcessA
52878: string.CloseHandle
53082: string.CreateFileA
55166: string.RegOpenKeyExA
55062: string.RegDeleteKeyA
53620: string.KERNEL32
53176: string.ExitProcess
54082: string.CreateWindowExA
dropped.file exe f4287aca93daf225f1126ebc4e6b0fe5 / 454656 bytes / @ 24576


Dropped Files

exe at 24576
md5: f4287aca93daf225f1126ebc4e6b0fe5
sha1: 5594e11667a9fdb3c7540866eb421fde5d0cafd0
sha256: ebaeb0999f0afcbfe30c67733fa4b44c1dff7fc136e1137ccce91dbb5a1acae8