Cryptam // document analysis


Sample Details

original filename: 25e6ef778c0442ab89f237dcb830221f45f5b8fe48e5db4b41adbf3df9b78e2c

size: 87040 bytes
submitted: 2015-07-31 02:43:45
md5: d10b54b3fff774fa84f4e0e6b0cde2b4
sha1: 703f1b063f07e456182615ea201a667e07fd443a
sha256: 25e6ef778c0442ab89f237dcb830221f45f5b8fe48e5db4b41adbf3df9b78e2c
ssdeep: 1536:frxlisi0XP+rd4CnakeHTnloKxAiO9DMFCvJgZP1auc:frxl3iiP+x1HeCiAiO9TEPguc
content/type: Composite Document File V2 Document, No summary info
analysis time: 3.15 s
result: malware [32]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
3321: string.This program cannot be run in DOS mode
55913: string.GetSystemMetrics
55811: string.KERNEL32
dropped.file exe 29e6ce57b3eb39cf5b2413ea40c737a2 / 83797 bytes / @ 3243


Dropped Files

exe at 3243
md5: 29e6ce57b3eb39cf5b2413ea40c737a2
sha1: 6e6f6970679a27bcfceea363629364cc5fac9971
sha256: e303c38b53cbc827c2a3c7cd65435e3b129c8ac5c7e949ba854b5b47dc3b676e