Cryptam // document analysis


Sample Details

original filename: b6b0da1634c699ffd385325963552e46a443e5393fe433007a265ce731a6aea9_run.doc

size: 1325056 bytes
submitted: 2018-10-29 18:36:17
md5: ce746088b24dd12b8b280b0c38e7f2c0
sha1: 25c7dff05ab32452512714ef73d1c8351dd578db
sha256: b6b0da1634c699ffd385325963552e46a443e5393fe433007a265ce731a6aea9
ssdeep: 24576:nUcYknjfVAsskAjBlAxTwYNm7k4fmdRTLDXB8tosq1Fd:nUcYkjfVvskAjTAxTfNsWdRTLrB8tor1
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 3.37 s
result: malware [70]
embedded executable: found

signature hits:

75342: string.This program cannot be run in DOS mode
287370: string.GetCommandLineA
286192: string.GetProcAddress
286438: string.EnterCriticalSection
286224: string.CloseHandle
286660: string.KERNEL32
237847: string.ExitProcess
dropped.file exe 307f41a07f088086e693d766afb32279 / 236032 bytes / @ 75264
dropped.file exe e0f297752d65102364c7cf9ffe6baa02 / 1013760 bytes / @ 311296


Dropped Files

exe at 75264
md5: 307f41a07f088086e693d766afb32279
sha1: ab1873ea7de63d9cc608709cdd685eac8fe8794a
sha256: 78270d8abd9f5f0954c2cbf5896c82fa35d4f3a87a5beab57a9546aec76552ba

exe at 311296
md5: e0f297752d65102364c7cf9ffe6baa02
sha1: e79700aa38e308262bead7e1216e728caa484e5e
sha256: 26de6d2c6c45cb94dfc6ce1495d45f2453f2ee0e70c20ccdc0519d30523eb162