Cryptam // document analysis


Sample Details

original filename: 2384ac1907c34253e38b78bdbb9c5aa5d100744f

size: 149504 bytes
submitted: 2018-02-09 20:06:07
md5: a54cec4f0ad0d9eab2a529671b592e6a
sha1: 2384ac1907c34253e38b78bdbb9c5aa5d100744f
sha256: 0df2a2e0c1f9e8d771b70c3e87d6ede9c7804ef3374f469d9e00e77532d24dcf
ssdeep: 768:e9BK2lzerTtNHaYn+JSdiM941LGfYnyidzJHS3fy:qBgt1aYn+midAfYnbdE3fy
content/type: Composite Document File V2 Document, Cannot read section info
analysis time: 9.18 s
result: malware [62]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
3817: string.This program must be run under Win32
10797: string.GetModuleHandleA
11089: string.CloseHandle
11075: string.CreateFileA
11135: string.shell32.dll
10711: string.ExitProcess
dropped.file exe 59e41ea7ca7ea3b0712fbf1c60c0dccd / 145767 bytes / @ 3737


Dropped Files

exe at 3737
md5: 59e41ea7ca7ea3b0712fbf1c60c0dccd
sha1: aa5087b5a78907f97c16f4aa71acc57da3bdbc92
sha256: 7499bfacd0a8b4fd457acfdfd6412813b9ece6103b384d350d39d1db87b74ddb