Cryptam // document analysis


Sample Details

original filename: 02658890d88d4d38f8e97ad111cdf31e314d3415cc719e6f7771575aa1134620.doc

size: 44544 bytes
submitted: 2017-07-12 10:32:02
md5: 4935d8c7cff3d9bfc75ba240c541d39a
sha1: b2bc84d85fbcb2411ab2ba0a0bee7e95dcf2a1af
sha256: 02658890d88d4d38f8e97ad111cdf31e314d3415cc719e6f7771575aa1134620
ssdeep: 384:oqM9dAVgec4erLX+PCroKCmzNGgod2z/DBcnyNeWuHreAWov:wY2P4efX+PCro9v0t0X3LeVo
content/type: Composite Document File V2 Document, No summary info
analysis time: 0.98 s
result: malware [102]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
2821: string.This program cannot be run in DOS mode
29309: string.LoadLibraryA
29075: string.GetModuleHandleA
28749: string.GetCommandLineA
29291: string.GetProcAddress
29095: string.GetEnvironmentVariableA
29485: string.CloseHandle
28471: string.user32.dll
29497: string.KERNEL32
28781: string.ExitProcess
dropped.file exe ef9cb741d0d60ed2bb9f5caa2f306b56 / 41801 bytes / @ 2743


Dropped Files

exe at 2743
md5: ef9cb741d0d60ed2bb9f5caa2f306b56
sha1: 5c350fd05d76f5b8a928477ca408c15636244a4a
sha256: 0e2adc423421d9fbbb4c798bd71b1f3e91845458ad01b48f23cea04a0122eb20