Cryptam // document analysis


Sample Details

original filename: 968578036c73b063cb89e654f6bf3bd003728da1f45709120854af8c4dcd3890_MPF00Doc088373-53.2014.9.07.9022.doc

size: 1159168 bytes
submitted: 2019-02-23 12:11:27
md5: 4a2554cb28be822e52501efcc9d8fd20
sha1: 4e9fda19fbba122319e1e563c4c87a28fb008c2e
sha256: 968578036c73b063cb89e654f6bf3bd003728da1f45709120854af8c4dcd3890
ssdeep: 24576:SxGqb70G6BzzwNMWPPR9gXdqjF54/JuOplFB09:Xq7oXwaln
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.64 s
result: malware [120]
embedded executable: found

signature hits:

19342: string.This program cannot be run in DOS mode
1114708: string.LoadLibraryA
1114406: string.GetCommandLineA
92372: string.GetSystemMetrics
91902: string.GetProcAddress
1114448: string.EnterCriticalSection
92142: string.CloseHandle
1115964: string.CreateFileA
1060844: string.RegOpenKeyExA
91536: string.user32.dll
1116160: string.KERNEL32
92042: string.ExitProcess
dropped.file exe 509e714daf14c4a56ec27393cb77074c / 630784 bytes / @ 528384


Dropped Files

exe at 528384
md5: 509e714daf14c4a56ec27393cb77074c
sha1: 0ddcdedee341c62d931aefcc493915a779272ef8
sha256: 4389375942d8f0120d37af9a4d6ab77db8edb87abb494a6a1941b509d968a8c8