Cryptam // document analysis


Sample Details

original filename: 8995aef699e88382ac40fa6d47ec2afda6023772672874f04b85830dc3773338_uac.doc

size: 1175552 bytes
submitted: 2019-05-09 09:44:16
md5: 799ce3c4b90444079b184ebf72547133
sha1: 224a35809bef29c1d6ad300722bfe6821e9a9448
sha256: 8995aef699e88382ac40fa6d47ec2afda6023772672874f04b85830dc3773338
ssdeep: 24576:XEmAHnh+eWsN3skA4RV1Hom2KXMmHalqOfl3iJgtKSN5:XEBh+ZkldoPK8Yal2oKs
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.61 s
result: malware [90]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
795902: string.LoadLibraryA
800328: string.GetSystemMetrics
795918: string.GetProcAddress
801386: string.CreateProcessA
796784: string.EnterCriticalSection
794840: string.CloseHandle
797800: string.KERNEL32
623043: string.ExitProcess
dropped.file exe 950ba411b5d4a87511d31c812a37048d / 1150976 bytes / @ 24576


Dropped Files

exe at 24576
md5: 950ba411b5d4a87511d31c812a37048d
sha1: 082c0c7fdba6905e0d3fbe61764cf01737ad9004
sha256: 0e90e6860f0cd73e0492fc8417dc9e5afdbe3a66a3ac263b27078dd43e357527