Cryptam // document analysis


Sample Details

original filename: 4b035782cd8f07b1c34406293d073e6b5d88ca5de526cb91c7cb777cb78dd38f_d.doc

size: 503808 bytes
submitted: 2018-08-04 12:50:28
md5: be0754220de12d70e68bb62f2e2c5c90
sha1: 7a20184dc9d23aa3e50b482051db12022abeaf9e
sha256: 4b035782cd8f07b1c34406293d073e6b5d88ca5de526cb91c7cb777cb78dd38f
ssdeep: 6144:5EBCVTHMRmb2zpX1rW2Jvkb1tDsY6JQRQ6sgmKvNYzP04ltZZkQlYY0OO9oN:5EcVGX5a1tD2+RnNW0
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.33 s
result: malware [60]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
83584: string.CloseHandle
75612: string.CreateFileA
65824: string.RegOpenKeyExA
68260: string.shell32.dll
73552: string.ExitProcess
dropped.file exe 80c2b643a788aafce3ef6bfb6df4dfc3 / 479232 bytes / @ 24576


Dropped Files

exe at 24576
md5: 80c2b643a788aafce3ef6bfb6df4dfc3
sha1: 278508853b1001046465a37475c9818ca653006f
sha256: d4e78f67c15f34f67762203167e860ab481ea2ccdca10e6810c28f08b0c00f37