Cryptam // document analysis


Sample Details

original filename: 230b2b0497028516847a78dbd3e21aacb4c13ddc1f2dc7c738f11847ad71a8ba_msnmsgr.doc

size: 1126400 bytes
submitted: 2018-12-01 10:46:22
md5: 72e51742f74c82cedebf7b936170809d
sha1: 30c7808cae796d7e34ee566bd93809108d5888be
sha256: 230b2b0497028516847a78dbd3e21aacb4c13ddc1f2dc7c738f11847ad71a8ba
ssdeep: 24576:Q/Gqb70G6BzzwNMWPPONpGCxW/ZsgYyu:Xq7oXwkFL
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.96 s
result: malware [120]
embedded executable: found

signature hits:

19342: string.This program cannot be run in DOS mode
1083444: string.LoadLibraryA
1083142: string.GetCommandLineA
92372: string.GetSystemMetrics
91902: string.GetProcAddress
1083184: string.EnterCriticalSection
92142: string.CloseHandle
1084590: string.CreateFileA
1031572: string.RegOpenKeyExA
44955: string.user32.dll
1084830: string.KERNEL32
92042: string.ExitProcess
dropped.file exe c4aa15403905dd6dbd5e366dfbe27076 / 495616 bytes / @ 32768
dropped.file exe 403d41553f510c4beacbd2a7b5950892 / 598016 bytes / @ 528384


Dropped Files

exe at 32768
md5: c4aa15403905dd6dbd5e366dfbe27076
sha1: 2b45fc006d73aa1344bdc4b9ec594e00870888dd
sha256: 580c9c48d807b6c1c4390fd644ecdd28f04efa3eb197191d2717eaa670bca55c

exe at 528384
md5: 403d41553f510c4beacbd2a7b5950892
sha1: 15adbd461dc03cc0d5411c9c2c8abd7f5766e8ae
sha256: 736455bbbda6af99f14dd3a2a3f2e18dac8b20731239751546d1474d2212df7d