Cryptam // document analysis


Sample Details

original filename: a8c543e90a18eb5237c660b805386a25

size: 614815 bytes
submitted: 2017-10-07 19:03:10
md5: a8c543e90a18eb5237c660b805386a25
sha1: 0f3630884ef0a5ec1d95cb3390b6598a7fbe3959
sha256: 29be968081e1a14ea07903e388038e01cf831ecb154a609cbc5c0b46a793dd18
ssdeep: 12288:UYArHZlX78m1iSDT/mnkWNUtDLhHO2g9WXrg3/a5Ha2etgB+:uHZB/0S7wUtDVgYrgva5H
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 349.57 s
result: malware [30]
embedded executable: found

signature hits:

15597: not.string.This program cannot be run in DOS mode
17187: not.string.KERNEL32
17175: not.string.ExitProcess
dropped.file exe 8812997d9b9be2922f89b2f58c7ed45e / 599296 bytes / @ 15519


Cryptanalysis

key length: 0 bytes
key:

entropy: 0.00%
bitwise not: yes


Dropped Files

exe at 15519
md5: 8812997d9b9be2922f89b2f58c7ed45e
sha1: 6007e93bde833646b1b289cb092d491541e0deef
sha256: 49d3b6b11228458795ff302d3f6213e211852465923659ac99dfb77bd1cb2bc1