Cryptam // document analysis


Sample Details

original filename: traveldoc4.xlsx

size: 145826 bytes
submitted: 2019-05-10 12:46:41
md5: 7695e2dc39975320f70ed1fe5b4bba11
sha1: 468fa2967b62f47152b70ffdc8ffba7af7dfc8c3
sha256: 7092455b4306de907780015a49b1a20dd2ef170a024e80dee7f5e997d28b5bbf
ssdeep: 768:f6YAcD8LljAqJgQlyaycjI24BXxH5VKLZd7pxUF2Q282hZMIb5PoGvw9AS5VebKu:N8+qJgQlz8HkUcziIp9v27mKWCk4UOIL
content/type: CDFV2 Encrypted
analysis time: 1.05 s
result: malware [50]
embedded executable: found

signature hits:

50400: string.This program cannot be run in DOS mode
72608: string.LoadLibraryA
72622: string.GetProcAddress
72538: string.KERNEL32
72654: string.ExitProcess
dropped.file exe 1a6314484d08db2d773736da1630214b / 95504 bytes / @ 50322


Dropped Files

exe at 50322
md5: 1a6314484d08db2d773736da1630214b
sha1: 1a7758ec8cbe51fe6db5d9e545db0c8aa999e5e1
sha256: 2f8a1572b9ae335bd08d3580ac535297587c8aef45526460ad62e1535b8b8903