Cryptam // document analysis


Sample Details

original filename: 18961f476838b3111f8cd49df6374610fde68a7d3dbe65c5b38eaa802c3e411c_2.doc

size: 569344 bytes
submitted: 2019-05-08 06:15:26
md5: c7bcafec28a18df8ffd3ecffa14c90e2
sha1: d9bf71772e1c2333d60f99ab175bcf8370a933b0
sha256: 18961f476838b3111f8cd49df6374610fde68a7d3dbe65c5b38eaa802c3e411c
ssdeep: 12288:vE2ZD+dJDiSnWgQVEBRv1xXJX6U/7AZZDL564:vE0UYVEBRfX9/76ZD964
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.95 s
result: malware [70]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
57366: string.GetCommandLineA
56966: string.GetSystemMetrics
57542: string.GetProcAddress
58148: string.EnterCriticalSection
56864: string.KERNEL32
47555: string.ExitProcess
dropped.file exe 6213619ae60b5b63c2dc683b6fdb579e / 544768 bytes / @ 24576


Dropped Files

exe at 24576
md5: 6213619ae60b5b63c2dc683b6fdb579e
sha1: fe4d63d8eb9871855ddeb815a1502f0afcfda87f
sha256: 7c88a052b05dbacaad7233a71fef6086ed39c8c748b129ccf1c8d9653fbb0dc0