Cryptam // document analysis

Sample Details

original filename: 7e24ad1f152b60.bup

size: 2302464 bytes
submitted: 2018-04-11 18:28:10
md5: 058db654caaebd0eced633e622734187
sha1: 681c4ce011ba3607e920958775222e35d03ea53b
sha256: 164d995a2ac8efd386251b4c75985a42e0dc5c0979b7d7d513e76fe4ddfa8d5e
ssdeep: 49152:+MWjETKVangBJK8njpBA9us61mHrmfwmEAPD/BNByyjfxoas9WAv+KWeLf:RWNVsOznjpcuz1mmflEAPDpNBDfHs95P
content/type: Composite Document File V2 Document, Cannot read section info
analysis time: 297.76 s
result: malware [110]
embedded executable: found

signature hits:

3150: string.This program cannot be run in DOS mode
265482: string.LoadLibraryA
46440: string.GetModuleHandleA
107928: string.GetCommandLineA
45512: string.GetProcAddress
56640: string.CreateProcessA
45224: string.EnterCriticalSection
45272: string.CloseHandle
45418: string.CreateFileA
45610: string.KERNEL32
45550: string.ExitProcess
dropped.file exe d1cdf1c9c820185914ebc3b143cb7bac / 45088 bytes / @ 3072
dropped.file exe c5c1dd27574541cf24e1a0569d826468 / 16992 bytes / @ 48160
dropped.file exe 6ed72e48f8bf93692f614d05e75c8dc6 / 144420 bytes / @ 65152
dropped.file exe f2b165d6849e14a7039e3e506405ac38 / 2092892 bytes / @ 209572

Cryptanalysis

key length: 1 bytes
key:

occurrences in file: 76766
entropy: 100.00%

Dropped Files

exe at 3072
md5: d1cdf1c9c820185914ebc3b143cb7bac
sha1: 076f3110ade62d66cbab9ef31cfa89eccd9840ee
sha256: 22f77642a2ea4b3d0afc20fd4fc95ff15cbd8ffbac21c52f11e7659fbf64c8ad

exe at 48160
md5: c5c1dd27574541cf24e1a0569d826468
sha1: 07b1da37dd59231182f01df7fdc8234466daf9bc
sha256: cbd5f08ebb90a4b1d002d90c6b7dcd8cb8fe728cd9c63a6ab6286f8bfbcc2757

exe at 65152
md5: 6ed72e48f8bf93692f614d05e75c8dc6
sha1: 1109f21211e8649a22cb7817712499412e496c4c
sha256: 619a83941d49d32e4a9b85efbe45676566a3aae7fa3cb0b8706e9fc89ec14022

exe at 209572
md5: f2b165d6849e14a7039e3e506405ac38
sha1: 5633329601ff5c2a880f3f2c0d0402baa3f6f550
sha256: 2b50fb3484378e65f49c28b875dde57b55c9d733973a0df76d7cda25189790e3