Cryptam // document analysis


Sample Details

original filename: 445342537392aa1e3756715d6f4eaafa281c4b8d5a8bfd104978ce4ce1635ac1_nrrymv.doc

size: 802816 bytes
submitted: 2018-10-04 06:10:07
md5: dba4ccecc8307d0605845fd39e42ae5e
sha1: eb125af24da96fa4d4edd94cec7dab168735309e
sha256: 445342537392aa1e3756715d6f4eaafa281c4b8d5a8bfd104978ce4ce1635ac1
ssdeep: 12288:RECBgTPdY62emG5ZDn+JYJn5cNoHS/2OcO1CPvqs7IZhDy:RECSzOcmyxnFNrHlbZCs
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.42 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
537300: string.LoadLibraryA
536444: string.GetModuleHandleA
536504: string.GetCommandLineA
196236: string.GetSystemMetrics
536426: string.GetProcAddress
536096: string.EnterCriticalSection
538152: string.CloseHandle
538104: string.CreateFileA
536770: string.RegOpenKeyExA
536664: string.user32.dll
536566: string.ExitProcess
539562: string.CreateWindowExA
dropped.file exe 337d67f929bd07ab7d102c1ac7dc6f7d / 778240 bytes / @ 24576


Dropped Files

exe at 24576
md5: 337d67f929bd07ab7d102c1ac7dc6f7d
sha1: bc3ffae57c5d22d636d53a8bd47c63efaf73aa79
sha256: 0816ac38333796677770d749b685d15a40b49be82474077f7fb0a74b37e5b047