Cryptam // document analysis


Sample Details

original filename: 400dbc50b591f88b54bb5c294fa56510204eca510540382f81bd6a447ee61fd5_yltlgt.doc

size: 638976 bytes
submitted: 2019-02-07 06:58:24
md5: 61384d722ebd6d9751fe428235a67fcb
sha1: 092356af2079fe55e943b8c14a9e7b3e3e58e19b
sha256: 400dbc50b591f88b54bb5c294fa56510204eca510540382f81bd6a447ee61fd5
ssdeep: 12288:LEh6Wq4aaE6KwyF5L0Y2D1PqLSdGGMXyzVC:LE3thEVaPqLSEGJ
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.92 s
result: malware [50]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
526158: string.LoadLibraryA
526172: string.GetProcAddress
525972: string.KERNEL32
526232: string.ExitProcess
dropped.file exe a3058e65818b570a8f0a857354777e07 / 614400 bytes / @ 24576


Dropped Files

exe at 24576
md5: a3058e65818b570a8f0a857354777e07
sha1: 039b2cf0d92e60295490b4673f8514f7cfd07328
sha256: f5a2fb1a5d8a6357991101290830b87d178a5c6bbf9e674c5c87f10b4aabfdac