Cryptam // document analysis


Sample Details

original filename: 60c1d2a01f0d7b5d1b557e07ef6810798a03f22cb2e20343653bd121a19eedc5_na.doc

size: 602112 bytes
submitted: 2018-06-15 09:25:45
md5: 931462f4bede97b7ee066027ce5e6d81
sha1: ebe2af1988982961db1ef7e6b08b4c02ef2dc038
sha256: 60c1d2a01f0d7b5d1b557e07ef6810798a03f22cb2e20343653bd121a19eedc5
ssdeep: 12288:lEcTXGrqD7vrpthceoyhT4NOogEeFWdQZVhSad4v+esTCmHwd:lEcTXvrdRoAslHkLhVdd2mHwd
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.81 s
result: malware [70]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
435267: string.LoadLibraryA
435248: string.GetModuleHandleA
435231: string.GetProcAddress
435700: string.user32.dll
435832: string.shell32.dll
436191: string.CreateWindowExA
dropped.file exe 1baa9cd41d4e18ad7bd3ab4ca55372da / 577536 bytes / @ 24576


Dropped Files

exe at 24576
md5: 1baa9cd41d4e18ad7bd3ab4ca55372da
sha1: 768cf17392585a93f5b33f12642a3e959f88bf37
sha256: b447577ee66f0b383dac799f146768cb14549b19b34592a11b16b66920d416c5