Cryptam // document analysis


Sample Details

original filename: fa352f20d324eebcd3b30c7700f6241f2829e82b6d45e925f76b1b8b7bb0bc41_fg.doc

size: 946176 bytes
submitted: 2018-11-04 09:23:10
md5: a1a82483e16d370ee583c2f09380c2e3
sha1: d5df74ab104236be3c49a4b2500e5587be3dac41
sha256: fa352f20d324eebcd3b30c7700f6241f2829e82b6d45e925f76b1b8b7bb0bc41
ssdeep: 24576:sEwRmJkcoQricOIQxiZY1iahMCkSuOIKbX:sEFJZoQrbTFZY1iaS/jKbX
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.25 s
result: malware [90]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
601636: string.LoadLibraryA
606334: string.GetSystemMetrics
601652: string.GetProcAddress
607248: string.CreateProcessA
602712: string.EnterCriticalSection
589784: string.CloseHandle
603806: string.KERNEL32
554567: string.ExitProcess
dropped.file exe 91055aa5b2d40a262a8562c8d27a867c / 921600 bytes / @ 24576


Dropped Files

exe at 24576
md5: 91055aa5b2d40a262a8562c8d27a867c
sha1: 0dc19aff3c1fd702f53bda249f3e25161e60f680
sha256: 998a6a61608b3100e318c5f79701be5a303da421fd6d0dc3ad0568cbee8c6de8