Cryptam // document analysis


Sample Details

original filename: 2db0d3334ebe5945d554bbeddad6ea75045f4cd4abd8b9910599bbefb88f7ec4_faxuhuqaf.doc

size: 647168 bytes
submitted: 2018-11-29 19:05:54
md5: 012cf1971452d9ff7008668ef37196fb
sha1: dde5fc8a7941e868f7e36e04b6c444a9889a8e89
sha256: 2db0d3334ebe5945d554bbeddad6ea75045f4cd4abd8b9910599bbefb88f7ec4
ssdeep: 12288:vE0GkyUsHw8LVNUNT2rzpgb1bh52c5eVxIHE:vE+Uw8BuxQ1kadVe
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.99 s
result: malware [40]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
351533: string.LoadLibraryA
351585: string.GetProcAddress
438744: string.user32.dll
dropped.file exe 511fdf8d05b9acb601b130ef29cefce0 / 288486 bytes / @ 24576
dropped.file elf 600794fb0243e38920c9c29e2b8b4e6a / 334106 bytes / @ 313062


Dropped Files

exe at 24576
md5: 511fdf8d05b9acb601b130ef29cefce0
sha1: 744dfa5e4f30bdea07caaba4844e13945cda7abd
sha256: 09c0ae8626af23347b6fc47422c7af50b6520433780b21c0f72d0e289e7a93d3

elf at 313062
md5: 600794fb0243e38920c9c29e2b8b4e6a
sha1: 60ca6560418bbb2d97fb208f9522736e3a5c1894
sha256: 9812e077e8445691cf5a409a45f2f31c3ab6d673441daaa4078913b15f880104