Cryptam // document analysis



Sample Details

original filename: asmonnwqkg.gif.zip

size: 1013248 bytes
submitted: 2019-08-15 15:39:59
md5: 9de88b85093ded152bb2dec098c76c15
sha1: ef512f9b128178367352678d9eb988fda1b7bb73
sha256: 79997f8697f06842f5afbd59a3d1d7eb3bcbe1433ade40a56c9827ab6d66738d
ssdeep: 24576:Mi83ari7cFNZGzZ0Q/jxp2uMPd5kofLIpL/UiGPLTwQYi:MPqLFNiD3tmcpmLs
content/type: data
analysis time: 5.35 s
result: malware [140]
embedded executable: found

signature hits:

80: string.This program must be run under Win32
925210: string.LoadLibraryA
390792: string.GetModuleHandleA
924098: string.GetCommandLineA
172488: string.GetSystemMetrics
388485: string.GetProcAddress
926386: string.CreateProcessA
923648: string.EnterCriticalSection
390620: string.CloseHandle
926418: string.CreateFileA
924394: string.RegOpenKeyExA
396236: string.user32.dll
924160: string.ExitProcess
927822: string.CreateWindowExA
dropped.file exe 1b3d62fadcabfa09bc3f63be9ce4b518 / 1013248 bytes / @ 0


Cryptanalysis


key length: 32 bytes
key:

occurrences in file: 76
entropy: 62.50%


Dropped Files

exe at 0
md5: 1b3d62fadcabfa09bc3f63be9ce4b518
sha1: 0e640f062baaf170b5c28ca37d2addef7a463f64
sha256: 9093d3d7768c73a470a2b9f2b846661b66f3b7b398ae50871ca0b69a70a65d1a