Cryptam // document analysis


Sample Details

original filename: 01_TEST.xlsx

size: 132643 bytes
submitted: 2018-04-12 06:24:01
md5: 34ad8e1055b750e27ba21177926c47d7
sha1: d284fb85573d3d468b63ae0a46c9070863d4d5e9
sha256: 159b7215bac2b7c66c1cd6d14bc9696d95b9917ca90c36cc27050b925da15ccb
ssdeep: 3072:p6HnbgKyCduVqD5IaFn3WXQoeCLri0EXwm:p6HnbnTqqD5I4poeCSBD
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [42]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin 303908ebb14b67e500e21091af28a06c
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.2767: string.This program cannot be run in DOS mode
oleObject1.bin.49621: string.LoadLibraryA
oleObject1.bin.49603: string.GetProcAddress
oleObject1.bin.49693: string.KERNEL32
oleObject1.bin.dropped.file exe 043250c2db4cb915f1cc4abe38c2adae / 140671 bytes / @ 2689


Dropped Files

oleObject1.bin at zip
md5: 303908ebb14b67e500e21091af28a06c
sha1: ec4929729938fe94e68fd0a0fe0eb1fb72bd0754
sha256: 298bbf6ee1e7e160bb16f522e6fbeb4e5e3123bf7e16dbc8b2099c236f0e1e90

exe at 2689
md5: 043250c2db4cb915f1cc4abe38c2adae
sha1: 1bd3a081868758d2943336b910e9dd05be2083d4
sha256: d64bfa4f3d44a0a06bbb7c5b1563eed454f7b04f79d1c2359e7ade6a37138d00
imphash: b4466982c9bbae607de79978a9b9a32e