Cryptam // document analysis


Sample Details

original filename: 659b0101cf2a80010a2254f632a3964ca0917c65694e6cdcdb258f2ea36c30b4_anolom.doc

size: 495616 bytes
submitted: 2018-11-29 19:41:05
md5: cbd7b03a1410f9d9c404a33020c2c49f
sha1: 46873e92417016950176968517a80cd4f83f2927
sha256: 659b0101cf2a80010a2254f632a3964ca0917c65694e6cdcdb258f2ea36c30b4
ssdeep: 12288:uE4cI068+xWfFSAUadblygLj69i4r8dO2C7qM:uEB6kNBlygy9brsO2C7qM
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.72 s
result: malware [30]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
362898: string.LoadLibraryA
362949: string.GetProcAddress
dropped.file exe a168545534dfcb9b80db8330cce01cb4 / 471040 bytes / @ 24576


Dropped Files

exe at 24576
md5: a168545534dfcb9b80db8330cce01cb4
sha1: ea46444fb9204c325225431a1bac6cfff30ef4f5
sha256: a315275e7f298175f2b05d4037113d3fd9221355e51fcf1732baf91ab28e5ff6