Cryptam // document analysis


Sample Details

original filename: e9ac6424eefcdd46d0101d957492204f329e5c213cd87a5c6c1423e05281d6e1_29b.doc

size: 408876 bytes
submitted: 2018-08-04 15:04:14
md5: 74149875da9125e4b73f296057fdaec3
sha1: 6da0289aaeef12e044ea191eb96ef6cf88e0f848
sha256: e9ac6424eefcdd46d0101d957492204f329e5c213cd87a5c6c1423e05281d6e1
ssdeep: 6144:MEJ6QwKnZvZgvJUqWMtab9KACTEOU20p6hn/uLnRaaWI+RWgWPtyR8rw:ME3znZZ4J1XabhC4Lp6J6D+YgWVk8s
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.41 s
result: malware [30]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
45576: string.CloseHandle
45268: string.KERNEL32
dropped.file exe e08d71fea36ce302567610e13e468c35 / 384300 bytes / @ 24576



Dropped Files

exe at 24576
md5: e08d71fea36ce302567610e13e468c35
sha1: 65142d41c88ec7ca5232074b3e0f283f4bb03331
sha256: 7cfd190e4007f2c933008b37b34ed7fc94d595a0568a871684ec39d778c9a312