Cryptam // document analysis


Sample Details

original filename: TDR - Predrańćun.xls

size: 305152 bytes
submitted: 2019-09-09 10:11:24
md5: b2089a25cd4b8bc9f887090f1d3fae7f
sha1: d2cf3eb79cb1289f5905389d7cfff663ad2c9db8
sha256: 169d8ed25f9ef70d1ab0d43015de310521cce33b15412897151ca867b9289676
ssdeep: 3072:I8KsaWCp3C2ENU59tF2wassbcIn5MvST1Irjgbsf56R/Si5Q2x8lVJ8ts9Tde6z0:I8nC1r9arbVnSvt4sfcRnxiD9TdeCxQ
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.59 s
result: malware [74]
embedded executable: found

signature hits:

298270: suspicious.office Visual Basic macro
1488: suspicious.office Packager ClassID used by CVE-2014-6352 C
10140: string.This program cannot be run in DOS mode
289495: string.LoadLibraryA
23298: string.GetModuleHandleA
23442: string.EnterCriticalSection
23484: string.KERNEL32
23366: string.ExitProcess
23130: string.CreateWindowExA
dropped.file exe 2583a5ed70dcec569898071601682277 / 81920 bytes / @ 10062
dropped.file exe 2965d3566d60700b25666250444481a8 / 213170 bytes / @ 91982



Dropped Files

exe at 10062
md5: 2583a5ed70dcec569898071601682277
sha1: e86b38c221b40d464f07362f8722571ab95fd241
sha256: 0683d9f225d54d48081f53abd7d569b32bc153d98157a5a6b763bc3cf57a6ad6

exe at 91982
md5: 2965d3566d60700b25666250444481a8
sha1: b926152170d1fdfa6146421d916fa0260d887bf0
sha256: e85c1a9ba583f201eb6e19f04c440cc2f4af5f2632338fa007b7c9c486ddabae