Cryptam // document analysis


Sample Details

original filename: 57b9361a34780a3ed3778dbc3eae2a1eddb9a0ead3a9e65a16c942920c6ebb70_client.doc

size: 413184 bytes
submitted: 2018-10-04 10:58:19
md5: 9005a04f98874503b3092e5afde862b5
sha1: bebce7e60e9f68b7d085dd306b180ff14d362fde
sha256: 57b9361a34780a3ed3778dbc3eae2a1eddb9a0ead3a9e65a16c942920c6ebb70
ssdeep: 6144:+oFAMcspK2J10qdSlEc39HGVJrnRIZAPuK/8sZfbv4WM9Nu+i0x:hSMcgKF6h2K/XZz419Nu+i0x
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.08 s
result: malware [40]
embedded executable: found

signature hits:

55886: string.This program cannot be run in DOS mode
318084: string.GetProcAddress
254934: string.user32.dll
255004: string.shell32.dll
dropped.file exe b3ba6f3318e57ad35cf64ce4a3ebd3b6 / 357376 bytes / @ 55808


Dropped Files

exe at 55808
md5: b3ba6f3318e57ad35cf64ce4a3ebd3b6
sha1: 9c8e795d23be265c5906fe421a98244c880e1a0c
sha256: 86ad6ead38e037a8f28ebd0f700ec6f3a084ad7a437245e41b6d7391a8bbfd8b