Cryptam // document analysis


Sample Details

original filename: e22634d0f10eb26fe0503478c8027a0eabe734006e664014ada5e09a58097e91_1.doc

size: 569344 bytes
submitted: 2019-05-09 07:07:41
md5: a715ebea33e74d01f8922633113cd226
sha1: fc60c109b5b5cb2082f2b2b050b4b38561742eb0
sha256: e22634d0f10eb26fe0503478c8027a0eabe734006e664014ada5e09a58097e91
ssdeep: 12288:tE1xsHSFdV+R7q5JmlJui6pay2eSW5JzW6:tEPsyFdVWcmlJujavgJS6
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.86 s
result: malware [70]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
55906: string.GetCommandLineA
55506: string.GetSystemMetrics
56082: string.GetProcAddress
56670: string.EnterCriticalSection
55404: string.KERNEL32
46503: string.ExitProcess
dropped.file exe c7f5178221f618456a56ae6479ffbc29 / 544768 bytes / @ 24576


Dropped Files

exe at 24576
md5: c7f5178221f618456a56ae6479ffbc29
sha1: 02e640b0ff374992c53c8c26f9ac94bfee3833e8
sha256: a9d2f9a714a6a53419305ea6880377c2acb2ce0b3cba54f93c5a95ec0732bfab