Cryptam // document analysis


Sample Details

original filename: SS AIR_Q52236.iso

size: 616448 bytes
submitted: 2019-06-11 12:30:04
md5: 5dad7c93e7a5cf78c79f3874d7e3f8e4
sha1: c692ff85a82783c2328204a2d87de9fbfaaa6552
sha256: b60c3dba08a100f572febba44c3070feb6595a4cf905b83c8361cb836459537a
ssdeep: 12288:AoiUXLeUjCBFtIZI3YzU/yVThE0sdZOjCYbCmWdmE:A7cLOBChzLJW00WZbCvdmE
content/type: ISO 9660 CD-ROM filesystem data 'SS AIR_Q52236'
analysis time: 1.89 s
result: malware [130]
embedded executable: found

signature hits:

61520: string.This program must be run under Win32
433690: string.LoadLibraryA
432856: string.GetModuleHandleA
432916: string.GetCommandLineA
197792: string.GetSystemMetrics
432838: string.GetProcAddress
432508: string.EnterCriticalSection
434492: string.CloseHandle
434444: string.CreateFileA
433182: string.RegOpenKeyExA
433076: string.user32.dll
432978: string.ExitProcess
435588: string.CreateWindowExA
dropped.file exe 1cf321753a22c5e62c23872d84c75325 / 555008 bytes / @ 61440


Dropped Files

exe at 61440
md5: 1cf321753a22c5e62c23872d84c75325
sha1: 27527f00cec411cdf8548a4a920a4fc2199e44e1
sha256: dd3f9476195ac58d8e183ef3e83f0a641d14a8db975ab6299e6667511bbbad37