Cryptam // document analysis


Sample Details

original filename: 7ae8f0f6cb792ddd332f78b7bc0532679db76c021b8714adb846b2562d1769cb_WiFi_Backup_Manager-3637.doc

size: 557056 bytes
submitted: 2019-05-23 14:26:20
md5: a46d0ac0b983e373441a7e967eaa0026
sha1: 0dbc47279b81688bf1097c107d204956849906b7
sha256: 7ae8f0f6cb792ddd332f78b7bc0532679db76c021b8714adb846b2562d1769cb
ssdeep: 12288:jpNQzCLUslVj/ua7wCgBuCxV8LftUWyZ/:jpizCXj/u1CgBuCQho
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.53 s
result: malware [140]
embedded executable: found

signature hits:

54862: string.This program cannot be run in DOS mode
257820: string.LoadLibraryA
257700: string.GetModuleHandleA
258416: string.GetCommandLineA
257682: string.GetProcAddress
259228: string.EnterCriticalSection
259496: string.GetEnvironmentVariableA
257720: string.CloseHandle
259798: string.CreateFileA
79856: string.Advapi32.dll
257524: string.RegOpenKeyExA
258310: string.RegDeleteKeyA
257890: string.KERNEL32
67187: string.ExitProcess
dropped.file exe f8389191a64283c8cde49faafee8487c / 502272 bytes / @ 54784


Dropped Files

exe at 54784
md5: f8389191a64283c8cde49faafee8487c
sha1: 1ed85040eebee44588cc5b096a43d4355e22cbf6
sha256: 74aa37b4df071071a7913ef0e7e03536526eefaf446a580d951f255c7437be0b