Cryptam // document analysis


Sample Details

original filename: 7cb3d04acd0592f85aae6f86b4323bd577852e42893c7883c515ac2ae58358cf_ua.doc

size: 593920 bytes
submitted: 2018-06-08 06:07:44
md5: d589caea2c9c66c42a2393d0f60f3a80
sha1: 30e49879f7f73d3263b9fc4dc0d7463bd2a6b1c9
sha256: 7cb3d04acd0592f85aae6f86b4323bd577852e42893c7883c515ac2ae58358cf
ssdeep: 12288:HE/ryTiTkYJDoHKHjxQzQqFphv8zn3WDEZhS16vWkH6oxB7+esTCmK:HEzyTiTtDxnqFXEznfZOMW+xo2m
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.85 s
result: malware [80]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
456259: string.LoadLibraryA
456240: string.GetModuleHandleA
456223: string.GetProcAddress
457105: string.URLDownloadToFileA
456612: string.user32.dll
456721: string.shell32.dll
457025: string.CreateWindowExA
dropped.file exe c04204b0f5fff717d673e4cd0f04421a / 569344 bytes / @ 24576


Dropped Files

exe at 24576
md5: c04204b0f5fff717d673e4cd0f04421a
sha1: e5f478a2490eb02422eb042c4cd1044407ce79a0
sha256: 94d3120d52c4fd427de563180e99485a5f854527c000f0e5127c6992f85d6d13