Cryptam // document analysis


Sample Details

original filename: fddec4301cffdbf98e5eb9c443d636c500d2d00e84eaf9c13d30df17b2194ee7_cab.doc

size: 892928 bytes
submitted: 2019-02-07 06:02:49
md5: 35e24d0a161a666a9ec1bde696347ee2
sha1: 9e703e149cd68f4ffd82295ffa4665b1af7dc540
sha256: fddec4301cffdbf98e5eb9c443d636c500d2d00e84eaf9c13d30df17b2194ee7
ssdeep: 12288:TEk1tWKa6w2CBXM6RJolyVN1v5mUeSx3GlMWlt38Ihks1Pd8M8of7/EkEf+qeYKd:TEk14z9BXM67+o7LeSx3GlMWlB2M8z
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.26 s
result: malware [140]
embedded executable: found

signature hits:

24656: string.This program must be run under Win32
604534: string.LoadLibraryA
603574: string.GetModuleHandleA
603634: string.GetCommandLineA
174640: string.GetSystemMetrics
603556: string.GetProcAddress
603184: string.EnterCriticalSection
605520: string.CloseHandle
605472: string.CreateFileA
603930: string.RegOpenKeyExA
603824: string.user32.dll
204224: string.shell32.dll
603696: string.ExitProcess
607000: string.CreateWindowExA
dropped.file exe c14ae3c6b85d59fdc7c27e189c57fce2 / 868352 bytes / @ 24576


Dropped Files

exe at 24576
md5: c14ae3c6b85d59fdc7c27e189c57fce2
sha1: 34b8c5aadb5f2200fd00b46e9a9236a7b61d7fd3
sha256: d7b1c2205e2407e19849b5e6581ed01f4f62640366eb5f1dc23cd55e5132f075