Cryptam // document analysis


Sample Details

original filename: 369f9ecabbd6de3b8dfff6f2c4664db7458d257d934b9329a15f58394a610a1e_non.doc

size: 671744 bytes
submitted: 2018-12-16 14:54:16
md5: cc1404109cd9638b5d2f6358a668d9d3
sha1: 26a3fc33401b2cb85001bb1629070bdb4b0ee8f3
sha256: 369f9ecabbd6de3b8dfff6f2c4664db7458d257d934b9329a15f58394a610a1e
ssdeep: 12288:xETW/FrZ/nO5bY8+V9Ow0lsDGOmHaJBjwWZ2iyZbD:xEqdRO6VWupjBjpZ2iyN
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.98 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
482406: string.LoadLibraryA
481572: string.GetModuleHandleA
481632: string.GetCommandLineA
170616: string.GetSystemMetrics
481554: string.GetProcAddress
481224: string.EnterCriticalSection
483304: string.CloseHandle
483256: string.CreateFileA
481898: string.RegOpenKeyExA
481792: string.user32.dll
481694: string.ExitProcess
484618: string.CreateWindowExA
dropped.file exe 03f1c535eeb5923ab0e9a5d77c9064ce / 647168 bytes / @ 24576


Dropped Files

exe at 24576
md5: 03f1c535eeb5923ab0e9a5d77c9064ce
sha1: a5d4ed14bba68602dac3606cda9bb89e519e2442
sha256: efd51f1dfb82cd95a09febfd33d8b49a18c9c6d6503758bb4c23e9b6d6f7105f