Cryptam // document analysis



Sample Details

original filename: 1234.doc

size: 157696 bytes
submitted: 2019-06-23 10:49:58
md5: 458d5a87334e9e827654a36da1a8a30e
sha1: bde998023c7d6b2fb33272c3f9f217e59f3a4c2a
sha256: 1e1d2740f3cdaccbdd45707ca0afa0c760614712adc636f4d14271395680288f
ssdeep: 3072:cwXwwwu5wdf8wwHy8DwrRW6ocVE4hRIqQsrnYd:BuhRIiq
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 5.75 s
result: malware [40]
embedded executable: found

signature hits:

98894: xor_0x88.string.This program cannot be run in DOS mode
155315: xor_0x88.string.LoadLibraryA
155331: xor_0x88.string.GetProcAddress
156218: xor_0x88.string.user32.dll
dropped.file exe 59e218ed791dcc9e5848640d1e5e2857 / 58880 bytes / @ 98816


Cryptanalysis


key length: 1 bytes
key:

zero space not replaced: yes
entropy: 100.00%


Dropped Files

exe at 98816
md5: 59e218ed791dcc9e5848640d1e5e2857
sha1: fd3447d6330f9951445e8d8925a3aa261d84f8c0
sha256: 82f893d12188886f5704e1ecdbbf41b823898cc2c283c997886e28b0184ee742