Cryptam // document analysis


Sample Details

original filename: 44d28c87f9ee330fac6d4e00d183b719495ce44610776f3def38d5a6b16b79f2_kat.doc

size: 602112 bytes
submitted: 2018-10-31 02:51:57
md5: feba92c39e5a5409e0312905bbe39363
sha1: 327d4f4e03964e13311c9cf60b38d8187721bea7
sha256: 44d28c87f9ee330fac6d4e00d183b719495ce44610776f3def38d5a6b16b79f2
ssdeep: 6144:yEM3b2NvewqqGi2ZpmKLGZgCfWRjhVH22mOrONxeiAsCwPnidY2TzG94k6tNllMk:yEqb2YwqqGiMxOgl/gOrW4wKjnbEOaC
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.71 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
411168: string.LoadLibraryA
410292: string.GetModuleHandleA
410352: string.GetCommandLineA
160856: string.GetSystemMetrics
410274: string.GetProcAddress
409944: string.EnterCriticalSection
411950: string.CloseHandle
411902: string.CreateFileA
410618: string.RegOpenKeyExA
410512: string.user32.dll
410414: string.ExitProcess
413006: string.CreateWindowExA
dropped.file exe e0d49a5b003988e140d518f6eaa271a7 / 577536 bytes / @ 24576


Dropped Files

exe at 24576
md5: e0d49a5b003988e140d518f6eaa271a7
sha1: 419e1731ae9621d956f0c8f96b5f2eb13c1c714f
sha256: fc80fc8499a092c341272a4eb6762ad1f131279bcc1f5df42ce87e0263220a6c