Cryptam // document analysis


Sample Details

original filename: 27a6ec134c182d3081a9089ce33813170c5373aa52948aafae7f5aaa7c9afa8a_jeoueh.doc

size: 708608 bytes
submitted: 2019-02-04 13:08:57
md5: 7cbb14ac4f19b81b66741f494a251de5
sha1: cd8675130e0f91c41bd05e9de08106ebb5fce587
sha256: 27a6ec134c182d3081a9089ce33813170c5373aa52948aafae7f5aaa7c9afa8a
ssdeep: 12288:QERkMOtyjMHpbcLB9ZIl/FJ5GLg5F2qqz6GzGFxZKvYqB6:QEeBHHpQtnEFTYnqSGIvR
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 3.48 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
449238: string.LoadLibraryA
448340: string.GetModuleHandleA
448400: string.GetCommandLineA
180464: string.GetSystemMetrics
448322: string.GetProcAddress
447992: string.EnterCriticalSection
450040: string.CloseHandle
449992: string.CreateFileA
448666: string.RegOpenKeyExA
448560: string.user32.dll
448462: string.ExitProcess
451286: string.CreateWindowExA
dropped.file exe 3ac741b81eeab82275bce0d6c51dc9c0 / 684032 bytes / @ 24576


Dropped Files

exe at 24576
md5: 3ac741b81eeab82275bce0d6c51dc9c0
sha1: cb4abd1b40741aeb2fa197adc73896de47d95f29
sha256: e0463967a17407f291f7eb3e7d03ba60bdda1a3b4e78e8ea96fd5a17d75522dd