Cryptam // document analysis


Sample Details

original filename: 58fe43655ce6b80528665a0be099ca3e23963d8ca9e3efc6aa976ef2ebc1e879_inv.doc

size: 724992 bytes
submitted: 2018-12-14 08:09:30
md5: 3ad2d59f3fc407aba982b3a34114900e
sha1: eb67a5ad53a1645d0745062a8cbfe8ce228387d4
sha256: 58fe43655ce6b80528665a0be099ca3e23963d8ca9e3efc6aa976ef2ebc1e879
ssdeep: 12288:4EePxidD6bn6yyZNJmKmTM0pnHhFx/fDTVlX/FZTFyE6xvb6o:4EepEc6y6HmTnNHJjTDFyll6o
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.24 s
result: malware [140]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
542880: string.LoadLibraryA
541992: string.GetModuleHandleA
542052: string.GetCommandLineA
174204: string.GetSystemMetrics
541974: string.GetProcAddress
541644: string.EnterCriticalSection
543808: string.CloseHandle
543760: string.CreateFileA
542318: string.RegOpenKeyExA
542212: string.user32.dll
253188: string.shell32.dll
542114: string.ExitProcess
545116: string.CreateWindowExA
dropped.file exe f63685bb544617a9fab3865a70e7ce26 / 700416 bytes / @ 24576


Dropped Files

exe at 24576
md5: f63685bb544617a9fab3865a70e7ce26
sha1: df377b2f71a634b7dcd84043c851f948a284ba4c
sha256: 43cb2daff095270c2f9128700df137c05f51f52eba1fe4fdaffcf22dc5c2610c