Cryptam // document analysis


Sample Details

original filename: e359456f6178174963523cfbdba77eb6d9b823636be4f27c2395e7d22b93131f_u.doc

size: 688128 bytes
submitted: 2019-05-25 02:19:02
md5: 85a6581dbe64938f0609ee1f552d5b7e
sha1: 6f6abf298407754890cd5b9a650ff6289c989288
sha256: e359456f6178174963523cfbdba77eb6d9b823636be4f27c2395e7d22b93131f
ssdeep: 12288:TEGaowATVopG8QZ8OLiqeCvJ3gVGuotIbD+HtfzTqlB/vj9k+6UZ:TEEOpl1WgVk6qtf/q/L9k+/
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.14 s
result: malware [70]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
66234: string.GetSystemMetrics
66770: string.GetProcAddress
67038: string.EnterCriticalSection
67612: string.CloseHandle
66164: string.KERNEL32
56291: string.ExitProcess
dropped.file exe b116fc49a911727249dd0459570c1e64 / 663552 bytes / @ 24576


Dropped Files

exe at 24576
md5: b116fc49a911727249dd0459570c1e64
sha1: 1b7a469d9ba43bbb0a917c1bb7477b6a2facedfb
sha256: 0e25145a0eeaad04eec41cb95dfc28b5068e1da4d50bf66abc906475ca2c3a79