Cryptam // document analysis


Sample Details

original filename: c21de3d98a39227c659de7d30bbd8a1daa25a84f7709b75723a362121bf5c512_met2.doc

size: 598016 bytes
submitted: 2018-10-31 08:55:38
md5: 9206f20d07e1aee07e05cb2e59cea8d1
sha1: 6ea14540824db502371bdc1921818347b062588f
sha256: c21de3d98a39227c659de7d30bbd8a1daa25a84f7709b75723a362121bf5c512
ssdeep: 12288:qEzb2YwqqGiMxOgl/gOrW4wKjnpfMENwSrD1b:qEWbq1Xl/DsY/3rB
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.86 s
result: malware [130]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
411168: string.LoadLibraryA
410292: string.GetModuleHandleA
410352: string.GetCommandLineA
160856: string.GetSystemMetrics
410274: string.GetProcAddress
409944: string.EnterCriticalSection
411950: string.CloseHandle
411902: string.CreateFileA
410618: string.RegOpenKeyExA
410512: string.user32.dll
410414: string.ExitProcess
413006: string.CreateWindowExA
dropped.file exe 0655a87af651c16d97092562aa7d7439 / 573440 bytes / @ 24576


Dropped Files

exe at 24576
md5: 0655a87af651c16d97092562aa7d7439
sha1: 8b79af179c91ed7f3760b7e669e664d75aeca8c0
sha256: cb8fbb95f935e462f6c5485e559bf008e4322025a5ef2de1ee65c0baacc72ad8