Cryptam // document analysis


Sample Details

original filename: de60cb399e76b142afc3f7876e2228d6d8c17fd4d3dc7e6f9084172543f6c327_dc.doc

size: 651264 bytes
submitted: 2018-08-04 12:49:18
md5: bd757716c49f28b3b5fdd4889622ac88
sha1: 4a0aa1abddc6b37e1f1cec49944ce1a86c1c0ed6
sha256: de60cb399e76b142afc3f7876e2228d6d8c17fd4d3dc7e6f9084172543f6c327
ssdeep: 12288:BE5y8d0ZBrXbv2/q+BZZPhZfg5YJeIIBy:BEEZB2/qgZ0a
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.51 s
result: malware [30]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
61560: string.CloseHandle
61348: string.CreateFileA
dropped.file exe 08e5d4bf2798a5f830d46435fe0dfda8 / 626688 bytes / @ 24576


Dropped Files

exe at 24576
md5: 08e5d4bf2798a5f830d46435fe0dfda8
sha1: 707cf924e41cec93560acd7469fea2bc890d8f72
sha256: 99fbb00a465c7d47ea64416934e9e01a614d8e6c900d89b0e32e815809cb4985