Cryptam // document analysis


Sample Details

original filename: 308afea6bd501cde71374865f7963c19ef4b50b2dd418adc83e86eebe63d50cb_po20180522.doc

size: 675840 bytes
submitted: 2018-06-07 06:05:37
md5: 1f5a69e250d023ba9090bf63d010014e
sha1: e929bda50aa80208b2fb2a36f5b1ff2d904b194f
sha256: 308afea6bd501cde71374865f7963c19ef4b50b2dd418adc83e86eebe63d50cb
ssdeep: 3072:eEjCMQDCmZin4RrQ1AO7InlXb/jNHLaQTmHaoZorHO0kY8XAkdZkeH6VMy+AqyKt:eEjCt2D4dOM9/jFGXHaoCU15gXDg
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.64 s
result: malware [20]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
33264: string.user32.dll
dropped.file exe fd0a6435e27b0d1be6acacaf2cc36433 / 651264 bytes / @ 24576


Dropped Files

exe at 24576
md5: fd0a6435e27b0d1be6acacaf2cc36433
sha1: 42617880896eb1a199b00c1c05444d5c5e814387
sha256: b2c624865e9ffd6a23ece74359bfb61d679e7d9c12de4c3ab13fed43412d0ab1