Cryptam // document analysis


Sample Details

original filename: 81dfa04493332ea06d4bd64eb130545c6fb04c8355f2b99e8d86cb01a6d72263_60secs.doc

size: 1191936 bytes
submitted: 2019-05-24 06:16:09
md5: 51a7f1eece006c23c162b681d0b1818c
sha1: 04a733d4b3d14d4411097779ec497de17fba5a5b
sha256: 81dfa04493332ea06d4bd64eb130545c6fb04c8355f2b99e8d86cb01a6d72263
ssdeep: 24576:gSMc9AHnh+eWsN3skA4RV1Hom2KXMmHaM5KgvCUo888Wr1fd5:gSMcch+ZkldoPK8YaM5taUN88WR
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.86 s
result: malware [90]
embedded executable: found

signature hits:

62030: string.This program cannot be run in DOS mode
833278: string.LoadLibraryA
837704: string.GetSystemMetrics
833294: string.GetProcAddress
838762: string.CreateProcessA
834160: string.EnterCriticalSection
832216: string.CloseHandle
835176: string.KERNEL32
660419: string.ExitProcess
dropped.file exe e0c675cebfd03bd08f81d4bdb00cc6a8 / 1129984 bytes / @ 61952


Strings

raw strings
decrypted raw strings

Dropped Files

exe at 61952
md5: e0c675cebfd03bd08f81d4bdb00cc6a8
sha1: 1811f5542f97744cba26a01fc6c1e4fb50eb0d10
sha256: 111d9542fd2d3c6c33b83e269fa6a706dde18e47ccbbafe896a95fb7e25f02ab
view strings