Cryptam // document analysis


Sample Details

original filename: 167be772487b3b12a7c2e31a9dbcb6b88b46f30adbf3fcb9135d19b6582b92f8_py.1.doc

size: 1515520 bytes
submitted: 2019-05-24 06:21:23
md5: 9e7505e7ec2f2f933a8d73249e9a8026
sha1: 7dedd3fd4f56577bb2d139e37ec655fad9cd5103
sha256: 167be772487b3b12a7c2e31a9dbcb6b88b46f30adbf3fcb9135d19b6582b92f8
ssdeep: 24576:tE/9Vx/Z6xXHQmL1e9q5zhuII9p2dfeMWzrOvldSlrXrx2RWAw0/:tE/aNH5L1ewnZZy2tdSTCEk
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 3.75 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
438294: string.LoadLibraryA
437460: string.GetModuleHandleA
437520: string.GetCommandLineA
162544: string.GetSystemMetrics
437442: string.GetProcAddress
437112: string.EnterCriticalSection
439106: string.CloseHandle
439058: string.CreateFileA
437786: string.RegOpenKeyExA
437680: string.user32.dll
437582: string.ExitProcess
440172: string.CreateWindowExA
dropped.file exe 8a03f85112783785b57968cfb3e53c68 / 1490944 bytes / @ 24576


Dropped Files

exe at 24576
md5: 8a03f85112783785b57968cfb3e53c68
sha1: 25b2048050a690bb58198a757ae0f693d51f3652
sha256: 0dd889c927d690b78db7f88df4fb57c40f354711a2f056069fb62f7797d6cffd