Cryptam // document analysis


Sample Details

original filename: Doc1.doc

size: 21504 bytes
submitted: 2017-04-16 13:12:01
md5: f67e8c240f91afcc44dd7614a9b9c5ac
sha1: 3ca60418ffe3bdcfd3a6d004675f45b00112fddd
sha256: 29436f35bed364304e4ba8af601ead07052a70c65e0895c27fd13f3f1119521d
ssdeep: 192:9R7LWsaTiuzn3u/QLiAk1b/kZyGc6roJpAtHe8I1t8ev6M580:X7S9z3uoLiAkqyGcSo/ARePtB6M
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.17 s
result: malware [42]
embedded executable: found

signature hits:

9808: suspicious.office Packager ClassID used by CVE-2014-6352 C
11149: string.This program cannot be run in DOS mode
12927: string.GetModuleHandleA
12987: string.KERNEL32
12975: string.ExitProcess
dropped.file exe e27929b21bda039e2caa99b2b6ffa11a / 10433 bytes / @ 11071


Dropped Files

exe at 11071
md5: e27929b21bda039e2caa99b2b6ffa11a
sha1: f6dcd2a3feeb527fb820a1af456018a7b19e331a
sha256: 4009d388f7baac133e1f0958293c568437190f1438890fcb5e9131dca39c7e4d