Cryptam // document analysis



Sample Details

original filename: eb4e51b3999276de6ffa688efdb87e8a4efb3e0923a4eeecc191f8573f3b3f80

size: 613376 bytes
submitted: 2018-11-30 03:05:22
md5: 4df28492ee6cfd3d24fc74f1a025e0d3
sha1: 5bd33f1503c0ffaa38dec0c032965c53deb59b3d
sha256: eb4e51b3999276de6ffa688efdb87e8a4efb3e0923a4eeecc191f8573f3b3f80
ssdeep: 1536:GCzHpNC6EK3ONlyfJTiot0wU0fVTtJLSxe12wwwJyyyR8QBjrQy8zf9oOPCztCXz:sK3ONlyfBVTtJLSp8QF3o
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 12.45 s
result: malware [60]
embedded executable: found

signature hits:

35435: xor_0xd6.not.string.This program cannot be run in DOS mode
83951: xor_0xd6.not.string.GetModuleHandleA
83395: xor_0xd6.not.string.CreateProcessA
83279: xor_0xd6.not.string.CloseHandle
83325: xor_0xd6.not.string.CreateFileA
83523: xor_0xd6.not.string.KERNEL32
dropped.file doc bf3deca6a6ab07350126a79a8000ab39 / 18446 bytes / @ 16911
dropped.file exe 9cfedddd043e2063623594503e131f66 / 578019 bytes / @ 35357


Cryptanalysis


key length: 1 byte
key:

zero space not replaced: yes
entropy: 100.00%
bitwise not: yes



Dropped Files

doc at 16911
md5: bf3deca6a6ab07350126a79a8000ab39
sha1: c9d48902efd37b38ec8d5a75e17294f4cbfeef06
sha256: 6a159bda154cf7ba06c4f11a5980d7426f6908e05c9ad514424732f808fb5047

exe at 35357
md5: 9cfedddd043e2063623594503e131f66
sha1: f99799ca807e10278a7547046e276329332af794
sha256: 86c92b021e7fece8e3967d6b4193452a5ccfd3ac7d2e1e5a3247478e51f9c662