Cryptam // document analysis


Sample Details

original filename: 1c9fe57b3adaa58d86bcc8f683d6496c1ce40ee468434d768543910e8442f999_1.doc

size: 569344 bytes
submitted: 2019-05-08 06:14:52
md5: 83b69eea871d47f29f6e915c632f9f53
sha1: da5db622f0621ee4be02317824356da74be40dc3
sha256: 1c9fe57b3adaa58d86bcc8f683d6496c1ce40ee468434d768543910e8442f999
ssdeep: 12288:nE2ZuBvktDledjKMvDwwML2FD6rXNZpFI64:nERcohHrR3FDmXNji64
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.01 s
result: malware [70]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
57366: string.GetCommandLineA
56966: string.GetSystemMetrics
57542: string.GetProcAddress
58148: string.EnterCriticalSection
56864: string.KERNEL32
47555: string.ExitProcess
dropped.file exe cd9c6433f1e05ad97cbde04a03a1c0d4 / 544768 bytes / @ 24576


Dropped Files

exe at 24576
md5: cd9c6433f1e05ad97cbde04a03a1c0d4
sha1: 51c2204aa24fba3e815f99394f0bf39ad1491107
sha256: 7b153a661a7b32d1c0713a3bf710ae61175901aca13c1003cfcb3b34c7969eac