Cryptam // document analysis


Sample Details

original filename: 971b25b0c707713d7364cd58fa32c197f5d8109d36717297eb40762f258b5daf_me.doc

size: 913408 bytes
submitted: 2019-05-08 06:17:41
md5: 39f7d928c9f2e70ae6710c136b57f513
sha1: 6eb5c4f77dbba052631f09d9dd4894784d2bc478
sha256: 971b25b0c707713d7364cd58fa32c197f5d8109d36717297eb40762f258b5daf
ssdeep: 24576:iEECUNhiwE9v4w0zO20ActTpcCmILYKV+u9O4q864:iEkhilJ0TJcttcCmIf+u9Y864
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.62 s
result: malware [70]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
57366: string.GetCommandLineA
56966: string.GetSystemMetrics
57542: string.GetProcAddress
58148: string.EnterCriticalSection
56864: string.KERNEL32
47555: string.ExitProcess
dropped.file exe b93ae6987ae9c5fecbdd81ed1b601d13 / 888832 bytes / @ 24576


Dropped Files

exe at 24576
md5: b93ae6987ae9c5fecbdd81ed1b601d13
sha1: 0227d3d844304a3d715e1efbce304016c0e435cc
sha256: 2658667097bef677d5dc41899aae8dbc733ac71b55222c9308b2eb90e7a344a1