Cryptam // document analysis


Sample Details

original filename: 3244017201a674d95fd2e0fda7e60c7ad997f9b5ddb9d25469b35efcc8e3e538_nel.doc

size: 598016 bytes
submitted: 2018-10-31 02:51:52
md5: 1aed5a3f2c499fcc142589003c9e616f
sha1: 2969248f1b2b85598342ee9a4f2c3e02e5a1e4af
sha256: 3244017201a674d95fd2e0fda7e60c7ad997f9b5ddb9d25469b35efcc8e3e538
ssdeep: 12288:0Erb2YwqqGiMxOgl/gOrW4wKjn7yxh+k:0Eebq1Xl/DsYWxI
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.75 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
411168: string.LoadLibraryA
410292: string.GetModuleHandleA
410352: string.GetCommandLineA
160856: string.GetSystemMetrics
410274: string.GetProcAddress
409944: string.EnterCriticalSection
411950: string.CloseHandle
411902: string.CreateFileA
410618: string.RegOpenKeyExA
410512: string.user32.dll
410414: string.ExitProcess
413006: string.CreateWindowExA
dropped.file exe 7c23c49e3d90daacbff9c9b51a6e0b69 / 573440 bytes / @ 24576


Dropped Files

exe at 24576
md5: 7c23c49e3d90daacbff9c9b51a6e0b69
sha1: 0ba59ecfe343d04ed0bc34f02692db4d2e0eb1ea
sha256: 6c0f005b0e305bdaf2191ad81f0c77a6b46e489df15133ea38f80121073b042f