Cryptam // document analysis


Sample Details

original filename: 7a66061fc2859b80ce65e6de949cc250079f701b6134a848fbe2b4cd77c71ac7_dixl.doc

size: 389120 bytes
submitted: 2018-06-05 06:06:46
md5: 8ffefa34a398a6c6bdeaa2455be6c852
sha1: d4e740d365c587a5090b067a99992e3b0528965e
sha256: 7a66061fc2859b80ce65e6de949cc250079f701b6134a848fbe2b4cd77c71ac7
ssdeep: 6144:nEEDVvn1P+nHNVmiQdK1Jhhk7U3xizTFtETIMioEnacCmxKK2Ztnwkp1:nEal1P+ntVtLXkQ3ItiTIToEacpUpwkb
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.29 s
result: malware [40]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
81398: string.GetSystemMetrics
80992: string.GetProcAddress
81415: string.user32.dll
dropped.file exe 9958e41e68b5ff872aadc556fd331932 / 364544 bytes / @ 24576


Dropped Files

exe at 24576
md5: 9958e41e68b5ff872aadc556fd331932
sha1: 882be6d49f877708927965b36f313d2832765cb1
sha256: f9c5133a501795b58c373e152f871fb6e0580841ad6d6650a61f7f550bc9df84