Cryptam // document analysis


Sample Details

original filename: KP-px2.doc

size: 658147 bytes
submitted: 2017-09-09 12:03:05
md5: 9653b624ecf3cd50d5873d6c1e6beb32
sha1: de1a59e45366a8d6b11e601a75d0fba380dc0401
sha256: 1ffb170760d65ab287cd5ebc407d8e8b2ecaad92aa4f0da845c87a9fa594f474
ssdeep: 12288:8XXHmfmGFJ4egaeghhOl4u2qYbIcYLcsd0WmdpklNul:qXHmO6unarhwIz8fd0WmdpQNk
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [72]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin 012e1d7b3a8de2e1f29c0c9e56c7c566
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.7860: string.This program cannot be run in DOS mode
oleObject1.bin.89392: string.GetSystemMetrics
oleObject1.bin.88614: string.GetProcAddress
oleObject1.bin.87928: string.CloseHandle
oleObject1.bin.88056: string.CreateFileA
oleObject1.bin.89220: string.KERNEL32
oleObject1.bin.88570: string.ExitProcess
oleObject1.bin.dropped.file exe 78b7ec39d819d910ae29ab2cd5f7685a / 682906 bytes / @ 7782


Yara Tags

winrar_sfx

Dropped Files

oleObject1.bin at zip
md5: 012e1d7b3a8de2e1f29c0c9e56c7c566
sha1: 699eb1b3dccf04ce7786cb7b3ec4befebf20fb87
sha256: add637331f6da4cc852d389260d4c8ce68ac054a47d370fda9321af0b452afac

exe at 7782
md5: 78b7ec39d819d910ae29ab2cd5f7685a
sha1: 1f386b5e48734f1b66c584bbc7686bf7cf2cbac1
sha256: b04d9fa92d7ebd477c514a97a5babbe0055c7a022516c65ec4f13b6224a19a6b
imphash: 3c98c11017e670673be70ad841ea9c37