Cryptam // document analysis



Sample Details

original filename: 3b1e589526a6612ea2bc26a111da686e.1

size: 1094249 bytes
submitted: 2018-02-09 19:40:07
md5: 3b1e589526a6612ea2bc26a111da686e
sha1: f870b1f29967ab8eac62d34efb9a45ba1a1e98df
sha256: 1f24917110a8b0971213bd0cdd754315e035b7e2edfe8289ca48d3d7d29b424a
ssdeep: 6144:UdNNendNNerdNNeU0O1bOaWVZ+0NRNIPu0DUtOxl:UbwbSbZDl1WXZMl
content/type: data
analysis time: 1018.46 s
result: malware [85]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file datastore-148 6d54020de5e555b5389b578f782cd2c5
datastore-148.embedded.file activeX37.xml 93d2b180df5ec8102767e9e19d2605d8
datastore-148.activeX37.xml.21: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-148.embedded.file activeX1.bin f7971aa425ee0c86bb9464ef5900533e
embedded.file datastore-129369 6d54020de5e555b5389b578f782cd2c5
datastore-129369.embedded.file activeX37.xml 93d2b180df5ec8102767e9e19d2605d8
datastore-129369.activeX37.xml.21: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-129369.embedded.file activeX1.bin f7971aa425ee0c86bb9464ef5900533e
embedded.file datastore-258590 a64c34b21bc3423dbb0e8d4d228bfcee
datastore-258590.embedded.file activeX37.xml 93d2b180df5ec8102767e9e19d2605d8
datastore-258590.activeX37.xml.21: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-258590.embedded.file activeX1.bin f7971aa425ee0c86bb9464ef5900533e
1413: obfuscation.office RTF embedded Word Document
414382: string.This program cannot be run in DOS mode
434406: string.KERNEL32
dropped.file exe dd5732ab89c5acb1eb4a36ba05c81703 / 679945 bytes / @ 414304


Cryptanalysis


key length: 4 bytes
key:

occurrences in file: 132326
entropy: 100.00%
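The Cryptanalysis block above reports a 4-byte XOR key, and the signature hits place the DOS stub string 78 bytes (0x4E) after the carved executable (414382 - 414304), which is exactly where a conventional PE keeps it relative to its MZ header. The script below is an added example, not Cryptam's code, of how that kind of result is obtained: slide the known plaintext "This program cannot be run in DOS mode" over the file, derive the candidate 4-byte key at each position, keep only positions where the whole string decodes under one repeating key, then decode and walk the PE headers to carve the dropped file and hash it. The key, the RTF stand-in and the header-only (non-runnable) PE image are constructed for the example; recovered keys are rotated to align with file offset 0, so a payload XORed relative to its own start and a whole-file XOR are handled identically.

```python
import hashlib
import struct

# Known plaintext every conventional PE carries 0x4E bytes after its MZ header.
DOS_STUB = b"This program cannot be run in DOS mode"
STUB_OFFSET = 0x4E


def xor_with_key(data: bytes, key: bytes, base: int = 0) -> bytes:
    """XOR data with a repeating key whose byte 0 is aligned to absolute offset `base`."""
    klen = len(key)
    return bytes(b ^ key[(base + i) % klen] for i, b in enumerate(data))


def find_xor_keys(data: bytes, known: bytes = DOS_STUB, key_len: int = 4):
    """Known-plaintext search: at each offset the first key_len bytes fix a candidate
    key; it survives only if the remaining plaintext bytes decode under the same
    repeating key. Returns (offset_of_plaintext, key_aligned_to_file_offset_0)."""
    hits = []
    for off in range(len(data) - len(known) + 1):
        key = bytearray(key_len)
        for i in range(key_len):
            key[(off + i) % key_len] = data[off + i] ^ known[i]
        if all(data[off + i] ^ key[(off + i) % key_len] == known[i]
               for i in range(key_len, len(known))):
            hits.append((off, bytes(key)))
    return hits


def carve_pe(decoded: bytes, mz_off: int):
    """Walk MZ -> e_lfanew -> COFF -> section table and return the image up to the
    end of the last section's raw data, or None if the headers are not a sane PE."""
    if decoded[mz_off:mz_off + 2] != b"MZ" or mz_off + 0x40 > len(decoded):
        return None
    pe = mz_off + struct.unpack_from("<I", decoded, mz_off + 0x3C)[0]
    if pe + 24 > len(decoded) or decoded[pe:pe + 4] != b"PE\0\0":
        return None
    nsec = struct.unpack_from("<H", decoded, pe + 6)[0]
    opt_size = struct.unpack_from("<H", decoded, pe + 20)[0]
    sec_table = pe + 24 + opt_size
    end = sec_table + nsec * 40                      # headers at minimum
    for k in range(nsec):
        # SizeOfRawData and PointerToRawData sit at +16 in each 40-byte section header
        raw_size, raw_ptr = struct.unpack_from("<II", decoded, sec_table + k * 40 + 16)
        end = max(end, mz_off + raw_ptr + raw_size)
    return decoded[mz_off:end] if end <= len(decoded) else None


def digests(image: bytes) -> dict:
    """Same three hashes the report lists for each dropped file."""
    return {name: hashlib.new(name, image).hexdigest() for name in ("md5", "sha1", "sha256")}


def analyze(data: bytes, key_len: int = 4):
    """Report every XOR-encoded PE recoverable through the DOS-stub known plaintext."""
    findings = []
    for stub_off, key in find_xor_keys(data, DOS_STUB, key_len):
        mz_off = stub_off - STUB_OFFSET
        if mz_off < 0:
            continue
        image = carve_pe(xor_with_key(data, key), mz_off)
        if image is None:
            continue
        findings.append({"key": key, "stub_offset": stub_off, "mz_offset": mz_off,
                         "size": len(image), "image": image, **digests(image)})
    return findings


def build_minimal_pe() -> bytes:
    """Constructed for the example: a tiny PE32 image with one section. It is not a
    runnable program, only enough header structure for carve_pe to walk."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    hdr[STUB_OFFSET:STUB_OFFSET + len(DOS_STUB)] = DOS_STUB
    struct.pack_into("<I", hdr, 0x3C, 0x80)                       # e_lfanew
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x100, 0x200,
                       0, 0, 0, 0, 0x60000020)
    image = bytearray(hdr + b"PE\0\0" + coff + opt + sect)
    image += b"\0" * (0x200 - len(image))                         # pad to PointerToRawData
    image += bytes(range(0x100))                                  # section raw data
    return bytes(image)


# Constructed sample: RTF-looking prefix, then the PE XORed with a 4-byte key, then a tail.
KEY = b"\x5a\xc3\x19\x7e"
PREFIX = b"{\\rtf1\\ansi " + bytes(range(256)) * 4
SAMPLE_DOC = PREFIX + xor_with_key(build_minimal_pe(), KEY, base=len(PREFIX)) + b"}" + b"\0" * 64

if __name__ == "__main__":
    for f in analyze(SAMPLE_DOC):
        print(f"key={f['key'].hex()} mz@{f['mz_offset']} stub@{f['stub_offset']} "
              f"size={f['size']} md5={f['md5']}")
```

A plaintext PE is reported too, with the all-zero key, so the same pass covers unobfuscated droppers. On a real document the hit list is the place to start: a stub offset that is not 0x4E past a decodable MZ header usually means a longer key, a non-XOR scheme, or a PE whose DOS stub was rewritten, and the search should then be repeated with other key lengths or other known-plaintext anchors (the PE signature, section names).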



Dropped Files

activeX37.xml at oxml
md5: 93d2b180df5ec8102767e9e19d2605d8
sha1: a4653e3b23480c14c3cfcd316d1d83481c135a0f
sha256: ab1a8144ffbd4f2403149e37ed31e49837ec9c8e792e1206035753fb976ddc3d

activeX1.bin at oxml
md5: f7971aa425ee0c86bb9464ef5900533e
sha1: 4bbc4f4ee3401c0776a0f7c76beb449ea0bdf273
sha256: a8faba39bebaf948e3aa88725a78fd8fb7bdf6d66c95481ef80e327de94bd050

datastore-258590 at rtf
md5: a64c34b21bc3423dbb0e8d4d228bfcee
sha1: 8d185fb1144b099889a13556c11c03afa3a86f42
sha256: ef30b2192e1913059236f0bd16ec8663c5eb02de792ba1e956c252e35f0e5ce3

exe at 414304
md5: dd5732ab89c5acb1eb4a36ba05c81703
sha1: 0dc8a1142cc949c72e739078c7258653ff483f26
sha256: 3ae1e7b919d353b8368fcc2da803e6ddb11828c1ecdd771da13b5c4a0b9a062a