Cryptam // document analysis


Sample Details

original filename: traveldoc1.xlsx

size: 145826 bytes
submitted: 2019-05-10 10:17:01
md5: aaacfa9d76649f54634c1db490f2cefd
sha1: 437bc306d24eb7674e3a44c6d58223517c5ed05a
sha256: 4993b397ab8640b161f40a15f40ff37deb7c609e7924d53c551e85761512b18c
ssdeep: 768:f6YAcD8LljAqJgQlyaycjI24BXxH5VKLZd7pxUF2Q282hZMIb5PoGvw9AS5VebKJ:N8+qJgQlz8HkUcziIp9v27mKWCk4UOXL
content/type: CDFV2 Encrypted
analysis time: 1.09 s
result: malware [50]
embedded executable: found

signature hits:

50400: string.This program cannot be run in DOS mode
72608: string.LoadLibraryA
72622: string.GetProcAddress
72538: string.KERNEL32
72654: string.ExitProcess
dropped.file exe cf9146135a65d85a04b1c11475abbbf3 / 95504 bytes / @ 50322


Dropped Files

exe at 50322
md5: cf9146135a65d85a04b1c11475abbbf3
sha1: 49e2251d8d5f77ffd85479130af1a6081fa9a148
sha256: ef26794acd5be39bcb7f9fc8269af04d7400ad9b11a528363ea5e4bbfe3e7d16