Cryptam // document analysis


Sample Details

original filename: a88b053dc70f16c9fd3185e3c1b3f88bdf312abe3060cff069fa7935555ba1a4_oh.doc

size: 503808 bytes
submitted: 2018-08-04 12:48:04
md5: e3b5875a54367940a7f0b6ef8a23bf7a
sha1: 1fd429d76d1181b1dfcf9b6e82d8ea54bf91430e
sha256: a88b053dc70f16c9fd3185e3c1b3f88bdf312abe3060cff069fa7935555ba1a4
ssdeep: 6144:EEbMJSbhdFVsU9saLAhLiIHW0Bpcal7tPtEUjor:EEgWh7Vb9sagWg3tPCU
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.24 s
result: malware [60]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
83328: string.CloseHandle
75344: string.CreateFileA
65552: string.RegOpenKeyExA
67988: string.shell32.dll
73284: string.ExitProcess
dropped.file exe 93cb22752c5b83a6200e5596ee81b3b8 / 479232 bytes / @ 24576


Dropped Files

exe at 24576
md5: 93cb22752c5b83a6200e5596ee81b3b8
sha1: 153cc1a29d8f66bd591214ab6731336699a9616f
sha256: fdf41627a2f38beef8b188e0f67c468c7cb05d0f7e884bc96ebd44a2e67b8369