Cryptam // document analysis


Sample Details

original filename: Taiwan 2010.doc

size: 183808 bytes
submitted: 2018-11-01 12:31:21
md5: 9ef09819aa5d552ecb15067a14a33152
sha1: ecdf999cba48c5655c8120a4bf3237fee7570d9a
sha256: 0f57baeb3070bf7a806f004ab61243aaf1b16f328e0c5f96d0c9128294d95b2c
ssdeep: 3072:MwXwwwu5wdfGqy8DWrRW6XDnySicoMwgtR7I4Vx:yoiZgtR8w
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.83 s
result: malware [120]
embedded executable: found

signature hits:

121280: string.LoadLibraryA
120702: string.GetCommandLineA
121262: string.GetProcAddress
120776: string.CloseHandle
121214: string.CreateFileA
145789: rol4.string.Advapi32.dll
145802: rol4.string.RegOpenKeyExA
145816: rol4.string.RegDeleteKeyA
120308: string.user32.dll
120628: string.KERNEL32
120734: string.ExitProcess
120664: string.GetMessageA


Cryptanalysis

key length: 0 bytes
key:

entropy: 0.00%
rol bitwise: 4 | decode with: 4

