Cryptam // document analysis


Sample Details

original filename: oleObject1.bin

size: 851456 bytes
submitted: 2017-09-09 11:42:05
md5: be010706dfa6aaf44ff9c298aa792edd
sha1: 9f812d52123d3d3a999b63f92a25cc25d146a6c0
sha256: 10b1ff12b040fa6fef8793a44deea53f89cdc1bf4ea101d7fa3d548824a6f5b5
ssdeep: 12288:uhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aZQvZNLPYv2LlCTnU:+RmJkcoQricOIQxiZY1iaOvZNzCT
content/type: Composite Document File V2 Document, No summary info
analysis time: 274.87 s
result: malware [92]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
8926: string.This program cannot be run in DOS mode
585908: string.LoadLibraryA
590606: string.GetSystemMetrics
585924: string.GetProcAddress
591520: string.CreateProcessA
586984: string.EnterCriticalSection
574056: string.CloseHandle
588078: string.KERNEL32
538839: string.ExitProcess
dropped.file exe 233190faf42a53f881e0ba9992d43748 / 842608 bytes / @ 8848


Dropped Files

exe at 8848
md5: 233190faf42a53f881e0ba9992d43748
sha1: 065a2522942eb4c66e98d274c1f43b296511992f
sha256: 31c141d9d23963207d6f4633928de5f83e1f22333c9f52d9046170618ed8cdf1