Cryptam // document analysis


Sample Details

original filename: 50a7b3c9d989147ecf04872df6ab9a4f6b9895b8453323ab3ce0b88c8968f24b_py.1.doc

size: 692224 bytes
submitted: 2019-05-22 06:05:40
md5: 7103c65f3e153df243e6fc51ac790917
sha1: ed743849f04ad39cecf6d930b3c2c1218538366f
sha256: 50a7b3c9d989147ecf04872df6ab9a4f6b9895b8453323ab3ce0b88c8968f24b
ssdeep: 12288:HEni7z/UculOW/BNu/ZEHH9cm/XO8bcUM7mLiBx7oboZsRRioduMs:HEg9Vx/Z6xXHQmL1EZsRRhy
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.06 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
438294: string.LoadLibraryA
437460: string.GetModuleHandleA
437520: string.GetCommandLineA
162544: string.GetSystemMetrics
437442: string.GetProcAddress
437112: string.EnterCriticalSection
439106: string.CloseHandle
439058: string.CreateFileA
437786: string.RegOpenKeyExA
437680: string.user32.dll
437582: string.ExitProcess
440172: string.CreateWindowExA
dropped.file exe ef9ff5252ea185f061d5bbb063fb2379 / 667648 bytes / @ 24576


Dropped Files

exe at 24576
md5: ef9ff5252ea185f061d5bbb063fb2379
sha1: 111a0025b28bc4a20961bf796e46398f96e02139
sha256: 4b631e98f5610dba40c19bef9a2ea94259ae949ced48837525e3f23ec70fa01d