Cryptam // document analysis


Sample Details

original filename: oleObject1.bin

size: 1060352 bytes
submitted: 2018-04-12 09:15:04
md5: b92ca0b1b659acd4250220f0e2bbece0
sha1: 59a64501542f105b683916feb8fbf0c339506b4f
sha256: 2d193ef69e2a59d81c6a23a5e6be566d759024a2a2fb211ccc9b46e8173da1b2
ssdeep: 12288:1XnN5mvPCiKMOPb5n/NJHZ5H2Ljpjrv24r+wkFFnKgjAZlp+jrDz9g8VflSbng4U:9nHmXRcdnvHi/pjrvTr+DLjy+jH35
content/type: Composite Document File V2 Document, Cannot read section info
analysis time: 23.26 s
result: malware [72]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
10943: string.This program must be run under Win32
1055489: string.LoadLibraryA
1055503: string.GetProcAddress
1055451: string.user32.dll
1055439: string.shell32.dll
1055343: string.KERNEL32
1055563: string.ExitProcess
dropped.file exe eefc5117804d92033c9824de553fab7f / 1049489 bytes / @ 10863


Dropped Files

exe at 10863
md5: eefc5117804d92033c9824de553fab7f
sha1: 0fb9f7d578794511a46faa7ea8306717ef8c7e9e
sha256: e4d79436730bf18115266714c31f088c5bc8b1ac8cd9b7eef6ae1eef993965fb