Cryptam // document analysis



Sample Details

original filename: File_0

size: 1292213 bytes
submitted: 2018-10-02 10:42:41
md5: 511516f439bc569d57c2853f49a192ba
sha1: 0a9a943a68240e085c266f9558ce21047010e188
sha256: be3b345ed50b24e7f83fbd6deb8dabdad2a223b3b9944ce9acccb9ff824565b9
ssdeep: 24576:0TgRnu+fNB53r3y1HX7+5qedie+i0QMv4RhDHda1S1esww4qGyYRc/jC1CV+EVfE:0TgRnu+fNB53r3y1HL+5qediePda1Yen
content/type: data
analysis time: 5.81 s
result: malware [150]
embedded executable: found

signature hits:

78: string.This program cannot be run in DOS mode
1232304: string.LoadLibraryA
1232220: string.GetModuleHandleA
1232272: string.GetCommandLineA
1234418: string.GetSystemMetrics
1231994: string.GetProcAddress
1231936: string.EnterCriticalSection
1231624: string.CloseHandle
1232622: string.CreateFileA
1235030: string.RegOpenKeyExA
1070308: string.user32.dll
1152412: string.KERNEL32
1149839: string.ExitProcess
1234558: string.GetMessageA
1234264: string.CreateWindowExA
dropped.file exe 8dc601710e3e68b8d78b5cd73fb28616 / 1292213 bytes / @ 0


Cryptanalysis


key length: 1 bytes
key:

occurrences in file: 184099
entropy: 100.00%


Dropped Files

exe at 0
md5: 8dc601710e3e68b8d78b5cd73fb28616
sha1: 4bb6be21a13f0dc1d1ce4bcb8e60ae2f6fee33be
sha256: 571a1da88f20e539209e0158dd4a5b5bbc69501157568d9103e138e11343026c