Cryptam // document analysis


Sample Details

original filename: 796076219b83d1461d9c56035e2b52c9879e0418a33e57e5e972bf7024e07fa3_hqrwpd.doc

size: 454656 bytes
submitted: 2019-02-21 07:37:11
md5: e2f01abaf98c1d962f2aa65128e23582
sha1: 6e867141d7294595545e7805e2d5e3c9c013257b
sha256: 796076219b83d1461d9c56035e2b52c9879e0418a33e57e5e972bf7024e07fa3
ssdeep: 12288:XER6Wq4aaE6KwyF5L0Y2D1PqL1952Mv8/hsDv:XEnthEVaPqL199v8/G
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.56 s
result: malware [50]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
341898: string.LoadLibraryA
341912: string.GetProcAddress
341712: string.KERNEL32
341972: string.ExitProcess
dropped.file exe d6b8a41d1a124c28f8253d503e3a1ee9 / 430080 bytes / @ 24576


Dropped Files

exe at 24576
md5: d6b8a41d1a124c28f8253d503e3a1ee9
sha1: 180af7da83156e8f24b8f19014671a8c1a4d992c
sha256: b8f95baee884d87584dc84927eaca6cb5a6e98eb30546535cd78e158bfc2dda3