Cryptam // document analysis



Sample Details

original filename: Suspicious_File

size: 1304576 bytes
submitted: 2018-09-22 10:09:53
md5: 63017bb2a213fa440191b204929ab0f7
sha1: f454953c6ae4496b21d2e4c1006842aff60b90eb
sha256: cec6534e8ddc4f5f9e9b2a0cedb438a8419a5ffd08ecfe059467630f624d5b1a
ssdeep: 24576:ATgRvu+fNB53r3j1HXQ+5ql8ie+i0QMv4RhDHd91S1etww4qEyY9c4jC1CV+E4cY:ATgRvu+fNB53r3j1HA+5ql8iePd91YeX
content/type: Composite Document File V2 Document, Cannot read section info
analysis time: 5.83 s
result: malware [150]
embedded executable: found

signature hits:

2638: string.This program cannot be run in DOS mode
1244080: string.LoadLibraryA
1243996: string.GetModuleHandleA
1244048: string.GetCommandLineA
1246706: string.GetSystemMetrics
1243770: string.GetProcAddress
1243712: string.EnterCriticalSection
1243400: string.CloseHandle
1244398: string.CreateFileA
1247318: string.RegOpenKeyExA
1081060: string.user32.dll
1163676: string.KERNEL32
1161103: string.ExitProcess
1246846: string.GetMessageA
1246552: string.CreateWindowExA
dropped.file exe 91babceabb2263975b0c4309e82ca977 / 1302016 bytes / @ 2560


Cryptanalysis


key length: 1 bytes
key:

occurrences in file: 184109
entropy: 100.00%


Dropped Files

exe at 2560
md5: 91babceabb2263975b0c4309e82ca977
sha1: bc7bacf35c45d6c5b28b1aa319e74bd543bdc82a
sha256: 34b0111f7e5faa2ba83dcab079d82f74b7876e585a1a751a4af92a7b1f4def29