Cryptam // document analysis


Sample Details

original filename: 5c9084229b4d1e15a663654cc3ed6468e5882e03d852cc85150d15abfe08ca40_may.doc

size: 827392 bytes
submitted: 2019-02-21 07:37:31
md5: dd4f7e0e9ca9649c7e90b83b6d8039b4
sha1: a3127e0d4fbbe5df7b716f168601c8275c441afe
sha256: 5c9084229b4d1e15a663654cc3ed6468e5882e03d852cc85150d15abfe08ca40
ssdeep: 12288:6EtWdF8dyyzmPAK0IcmH5wbqo2OJZWmjhvTe7KOFy5sZla6N0Za6JQ1:6EteGhmPp0IT5K8mjhvfOQSlnu7W
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.13 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
536834: string.LoadLibraryA
535940: string.GetModuleHandleA
536000: string.GetCommandLineA
185088: string.GetSystemMetrics
535922: string.GetProcAddress
535592: string.EnterCriticalSection
537694: string.CloseHandle
537646: string.CreateFileA
536266: string.RegOpenKeyExA
536160: string.user32.dll
536062: string.ExitProcess
538970: string.CreateWindowExA
dropped.file exe b75685e75c9c32eae679b4efa032e90f / 802816 bytes / @ 24576


Dropped Files

exe at 24576
md5: b75685e75c9c32eae679b4efa032e90f
sha1: 7ecf326ef16e6c59902077176dcdd580a577f176
sha256: 1d6a16f00d6b84f4ec12912c5ee2492a764c62e267778158c42cfff468094d43