Cryptam // document analysis


Sample Details

original filename: 28c0ed6804e0d95f7ab8b2395bfa7d39277db73497d53a8f585b509983860bf8_baz.doc

size: 626688 bytes
submitted: 2018-12-14 07:14:59
md5: e7a135f1c036a4ca9f1a8ba17a5e5e06
sha1: 5c0202a6e0c1e6af0b5d23ba8c8b126158ff085c
sha256: 28c0ed6804e0d95f7ab8b2395bfa7d39277db73497d53a8f585b509983860bf8
ssdeep: 12288:0E3G1+UNe5daeU6mG7LAP+nPvO35Uhrj5noDdahqEP9nrcebv:0E325NQRUbGX+35sXhqQBrHb
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.98 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
444422: string.LoadLibraryA
443588: string.GetModuleHandleA
443648: string.GetCommandLineA
160896: string.GetSystemMetrics
443570: string.GetProcAddress
443240: string.EnterCriticalSection
445218: string.CloseHandle
445170: string.CreateFileA
443914: string.RegOpenKeyExA
443808: string.user32.dll
443710: string.ExitProcess
446344: string.CreateWindowExA
dropped.file exe a45c587b8519cb6523330d6880c26d41 / 602112 bytes / @ 24576


Dropped Files

exe at 24576
md5: a45c587b8519cb6523330d6880c26d41
sha1: c66a58c4615677d202018906f847503554b062ab
sha256: d2d502d746cb2f2560a1027cd4a27a9be2c1c7c45515e04c1936dbb887eaad67