Cryptam // document analysis


Sample Details

original filename: 1e77319c40712b1ab8e5cd2202e1bcd26094055ae626819062600973797ad015_download_vivaldi.1.13.1008.41_sib.doc

size: 593920 bytes
submitted: 2018-06-17 10:39:37
md5: b019cb31bf6351ae173643de93c1e7a3
sha1: e65a4fc5f333c301a3bd07ba8170dc60270b8703
sha256: 1e77319c40712b1ab8e5cd2202e1bcd26094055ae626819062600973797ad015
ssdeep: 12288:LdLFXH30XgKLI0t8vEY1J+u27r+7kbvBcHx:lS1tkp1J+uCvBcHx
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.00 s
result: malware [90]
embedded executable: found

signature hits:

147534: string.This program cannot be run in DOS mode
555504: string.GetModuleHandleA
343742: string.GetCommandLineA
553838: string.GetSystemMetrics
341094: string.GetProcAddress
342930: string.EnterCriticalSection
340698: string.CloseHandle
341550: string.KERNEL32
310911: string.ExitProcess
dropped.file exe c090d13b96aec4a4fd31a0de2b08009f / 217088 bytes / @ 147456
dropped.file exe dcde84df1a391b53faec97cd9d4bbef8 / 229376 bytes / @ 364544


Dropped Files

exe at 147456
md5: c090d13b96aec4a4fd31a0de2b08009f
sha1: 0c35e87dcacbd8b292eff2cbd759e10cda4303d9
sha256: 0bbdbb756feef5069291bddd151597b19742a9f7d9e82cb237ea9e522a86508a

exe at 364544
md5: dcde84df1a391b53faec97cd9d4bbef8
sha1: afe2c445d46bb03912771b5f7a00f13598ae95e6
sha256: 3c50cf04b60cceb828cfea88d8f7a3e2509b43a85e77058c74dc8e29f70bd428