Cryptam // document analysis


Sample Details

original filename: 3af43eecff8b9378a9ad975e8bc6f5d2983943d1fa4b24e23cf3fc201e926c8e_lofyt.doc

size: 835584 bytes
submitted: 2018-06-16 06:04:10
md5: bde4b1ef9f933d8895a0431c7b44a4c7
sha1: b08ca88f46eade754fb65a5458686aebe7f0fc32
sha256: 3af43eecff8b9378a9ad975e8bc6f5d2983943d1fa4b24e23cf3fc201e926c8e
ssdeep: 3072:zEiHwTTivWbWR+Ry8r5nu6n7gt4Mj6CNDUsBQN/iUBuPn2Y7LVTV2xLNRny2DtM:zEzniubWYRy8r5u5cWDLON/7DYtT
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.51 s
result: malware [20]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
54047: string.GetProcAddress
dropped.file exe 9df24007a5852d8a33c712eb3f7c3cc1 / 811008 bytes / @ 24576


Dropped Files

exe at 24576
md5: 9df24007a5852d8a33c712eb3f7c3cc1
sha1: 8bf224063c6430b0e648ae42aba148b808b44e2d
sha256: b7bfbab3eb7fd66163c5f890548851fd8f2d9c78bd96d06ae9a5319bd39d494a