Cryptam // document analysis


Sample Details

original filename: d965da4f21926873f2cda99a8876bc00dc9e0506a4a45d01452ae27092f48b7e_ik.doc

size: 614400 bytes
submitted: 2018-06-08 06:14:15
md5: 8d4cd0af0ea460f5f4ee170e534ca08b
sha1: 83a647acfb19568515c997e620ea8451f37cae89
sha256: d965da4f21926873f2cda99a8876bc00dc9e0506a4a45d01452ae27092f48b7e
ssdeep: 12288:YEgVJOyehbXnT1WviJEwHQVSmGS4KJxnTZsE7Ud:YEWJOxBOwYSmG6xnTD7U
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.55 s
result: malware [30]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
67264: string.CloseHandle
67028: string.CreateFileA
dropped.file exe f95e455dc0724bc77b062f9726c41705 / 589824 bytes / @ 24576


Dropped Files

exe at 24576
md5: f95e455dc0724bc77b062f9726c41705
sha1: e9c51ff51e8103a67ee1a7d25a87f7ec1f7de5f8
sha256: f7f780bce58e1b09fee3498d33f910385e08687ab2baa4debd9b2c20bae5259e