Cryptam // document analysis


Sample Details

original filename: f55c1c55506dc5d8549e7dad476cb69e145633f53eca164419bc4e9f3580fb8d__outputda5389f.doc

size: 684032 bytes
submitted: 2018-06-07 06:06:24
md5: 10929b55cf8f0dcc49cd97e5278d6781
sha1: c26d64de5b3035b74cfb450d9361af64d63d6a48
sha256: f55c1c55506dc5d8549e7dad476cb69e145633f53eca164419bc4e9f3580fb8d
ssdeep: 12288:UEtDTrB0CZ62E/ftNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNe:UEZEntNNNNNNNNNNNNNNNNNNNNNNNNNb
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.60 s
result: malware [20]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
33292: string.user32.dll
dropped.file exe 72a69a799bc9815151894ef36ab82872 / 659456 bytes / @ 24576


Dropped Files

exe at 24576
md5: 72a69a799bc9815151894ef36ab82872
sha1: e65a1fd0ab53dc724c9fbb384018de1d4e41ac95
sha256: a2fdcaf881b34a4a4029caba86cd7fd9832c930f8fcc3f166591160674bcb68c