Cryptam // document analysis


Sample Details

original filename: 53ec75806dfc81720ed1d92becab4e6c461f3735322e64042242c2807a6b46a7_chi.doc

size: 815104 bytes
submitted: 2019-02-21 07:37:26
md5: d7a2a8fbc7567a9146accb12ab4535a3
sha1: c15d6de50d865a8ed9ae89abd6f96e5595de0f08
sha256: 53ec75806dfc81720ed1d92becab4e6c461f3735322e64042242c2807a6b46a7
ssdeep: 12288:cENWdF8dyyzmPAK0IcmH5wbqo2OJZWmjhvTe7Kx16C9pajtUo8czx:cENeGhmPp0IT5K8mjhvfxQCmjmoZ
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.12 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
536834: string.LoadLibraryA
535940: string.GetModuleHandleA
536000: string.GetCommandLineA
185088: string.GetSystemMetrics
535922: string.GetProcAddress
535592: string.EnterCriticalSection
537694: string.CloseHandle
537646: string.CreateFileA
536266: string.RegOpenKeyExA
536160: string.user32.dll
536062: string.ExitProcess
538970: string.CreateWindowExA
dropped.file exe a3b56b0448a4bb3680266cfd18ea2c18 / 790528 bytes / @ 24576


Dropped Files

exe at 24576
md5: a3b56b0448a4bb3680266cfd18ea2c18
sha1: 40a34a626fdafee5d787ae1f93ce5882c8e5bc81
sha256: a66cb18a706ef204cca75a17ca153f68cfd3d5d9f8debb2b54930c8f00289e9a