Cryptam // document analysis


Sample Details

original filename: jisubaiduwenkuxiazai_itmop.com.zip

size: 617387 bytes
submitted: 2017-04-16 07:02:02
md5: fa1cd7ed87aa572fc0763ed0d7fddde4
sha1: ae8db7667f22b637afbd289b20af0be9e6427a82
sha256: 35dcd41d913b2ba2fa7e712f7773f336526a1bdd94f24db425d6b66e0fca9c09
ssdeep: 12288:HadSVtoZyBWF1e7Ki87+m23d7KyzFMSFTdDC95n/Wqist2:6dAtYyEm7xeRexl5zsxFisI
content/type: Zip archive data, at least v1.0 to extract
analysis time: 0.00 s
result: malware [222]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file 极速百度文库下载器V1.0.exe f8723b83c7601194bdd0ca00715d897f (GBK-encoded name, "Jisu Baidu Wenku Downloader V1.0", matching the zip name jisubaiduwenkuxiazai; the original report rendered its bytes through the cp866 OEM code page as ╝л╦┘░┘╢╚╬─┐т╧┬╘╪╞ўV1.0.exe)
极速百度文库下载器V1.0.exe.1055810: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
极速百度文库下载器V1.0.exe.1068124: suspicious.office embedded Flash in MSO file
极速百度文库下载器V1.0.exe.78: string.This program cannot be run in DOS mode
极速百度文库下载器V1.0.exe.1041727: string.LoadLibraryA
极速百度文库下载器V1.0.exe.1042313: string.GetModuleHandleA
极速百度文库下载器V1.0.exe.1162378: string.GetCommandLineA
极速百度文库下载器V1.0.exe.1103960: string.GetSystemMetrics
极速百度文库下载器V1.0.exe.1041740: string.GetProcAddress
极速百度文库下载器V1.0.exe.1162344: string.CreateProcessA
极速百度文库下载器V1.0.exe.1163366: string.EnterCriticalSection
极速百度文库下载器V1.0.exe.1168310: string.GetEnvironmentVariableA
极速百度文库下载器V1.0.exe.1041344: string.CloseHandle
极速百度文库下载器V1.0.exe.1042190: string.CreateFileA
极速百度文库下载器V1.0.exe.1187020: string.Advapi32.dll
极速百度文库下载器V1.0.exe.1166844: string.RegOpenKeyExA
极速百度文库下载器V1.0.exe.1043861: string.RegDeleteKeyA
极速百度文库下载器V1.0.exe.1040095: string.user32.dll
极速百度文库下载器V1.0.exe.1115076: string.KERNEL32
极速百度文库下载器V1.0.exe.1163086: string.ExitProcess
极速百度文库下载器V1.0.exe.1165250: string.GetMessageA
极速百度文库下载器V1.0.exe.1168938: string.CreateWindowExA
embedded.file IT猫扑网 (2).url 5330643607621baa04ef017b84f45bd1
IT猫扑网 (2).url.110: string.shell32.dll


Dropped Files

极速百度文库下载器V1.0.exe at zip (GBK name, decoded; the original report rendered its bytes through the cp866 OEM code page as ╝л╦┘░┘╢╚╬─┐т╧┬╘╪╞ўV1.0.exe)
md5: f8723b83c7601194bdd0ca00715d897f
sha1: b52ce26c178f442311a4779b7e208194c0f16f0e
sha256: 8089c3199a3f31dbddb58b4fed86739dc18f34a1a462e340b9bad812e7e7d3ff

IT猫扑网 (2).url at zip
md5: 5330643607621baa04ef017b84f45bd1
sha1: 5a3624c64dac53266cc91df2885cf3ed9d517870
sha256: d21129ce261839f7e84277ae3530ac147f1293d5d027a7cb1f4c6d5d85edcc49
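Added example (not Cryptam's code): a Python script that re-creates the dropped-files listing above offline. It hand-builds a two-entry zip whose .exe name is raw GBK bytes without the zip UTF-8 name flag, which is what turns the name into mojibake when a reader decodes it with an OEM code page (the report rendered it through cp866; Python's zipfile uses cp437), then hashes each member, reverses the mojibake, and scans for the markers the report's signatures matched: the MZ/PE shape, the DOS-stub string, import names, Scripting.FileSystemObject, and URL= lines in the .url shortcut. The member contents are constructed stand-ins (a minimal MZ/PE-shaped blob, an Internet Shortcut pointing at the placeholder host example.invalid with an IconFile=shell32.dll line), so the hashes it prints are not the sample's; the one result that transfers to the real report is the decoded name 极速百度文库下载器V1.0.exe. The exploit.office and suspicious.office hits above are reported at byte offsets inside the executable (1055810 and 1068124), so a plain string scan is the closest offline model for them.

```python
"""Offline re-creation of the 'Dropped Files' triage above. Added example, not
Cryptam's code: every byte of sample content is constructed, not the real sample.
"""
import hashlib
import re
import struct
import zipfile
import zlib
from io import BytesIO

# Subset of the API names the report's string.* signatures fired on.
API_WATCHLIST = {
    "LoadLibraryA", "GetProcAddress", "CreateProcessA", "CreateFileA",
    "RegOpenKeyExA", "RegDeleteKeyA", "GetEnvironmentVariableA",
    "GetCommandLineA", "CreateWindowExA", "ExitProcess",
}
DOS_STUB = b"This program cannot be run in DOS mode"


def build_zip(members):
    """Hand-assemble a stored (method 0) zip from (name_bytes, data, flag_bits).

    zipfile writes str names only as ASCII/UTF-8, so a legacy GBK name must be
    written by hand. Flag bit 11 (0x800) marks a UTF-8 name; without it readers
    such as zipfile fall back to cp437, which is where the mojibake comes from.
    """
    mtime, mdate = 7 << 11 | 2 << 5 | 1, (2017 - 1980) << 9 | 4 << 5 | 16
    body, central = bytearray(), bytearray()
    for name, data, flags in members:
        crc, offset = zlib.crc32(data) & 0xFFFFFFFF, len(body)
        body += struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, mtime,
                            mdate, crc, len(data), len(data), len(name), 0)
        body += name + data
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags,
                               0, mtime, mdate, crc, len(data), len(data),
                               len(name), 0, 0, 0, 0, 0, offset)
        central += name
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(members),
                       len(members), len(central), len(body), 0)
    return bytes(body + central + eocd)


def build_sample():
    """Constructed stand-ins for the two dropped files (not the real contents)."""
    # Minimal MZ/PE shape: e_lfanew at 0x3C points at "PE\0\0" at 0x80, with the
    # DOS-stub text and a few import names present as NUL-separated strings.
    pe = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x80) + DOS_STUB + b"\0"
    pe = pe.ljust(0x80, b"\0") + b"PE\0\0" + b"\0".join([
        b"KERNEL32.dll", b"LoadLibraryA", b"GetProcAddress", b"CreateProcessA",
        b"Advapi32.dll", b"RegOpenKeyExA", b"RegDeleteKeyA",
        b"Scripting.FileSystemObject"])
    # Internet Shortcut with a placeholder host; the real URL is not on the page.
    url = (b"[InternetShortcut]\r\nURL=http://example.invalid/\r\n"
           b"IconFile=shell32.dll\r\n")
    return build_zip([
        ("极速百度文库下载器V1.0.exe".encode("gbk"), pe, 0),  # legacy, no UTF-8 flag
        ("IT猫扑网 (2).url".encode("utf-8"), url, 0x800),       # UTF-8 flag set
    ])


def undo_oem_mojibake(name, oem="cp437", real="gbk"):
    """Reverse a name decoded with an OEM code page instead of its real one.

    zipfile uses cp437; the Cryptam page rendered the same bytes through cp866
    (the Cyrillic л/т/ў in its output give that away), so pass oem="cp866".
    """
    try:
        return name.encode(oem).decode(real)
    except UnicodeError:
        return name


def analyze_member(info, data):
    """Hash one member and look for the markers the report's signatures used."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0] if len(data) >= 0x40 else 0
    is_pe = data[:2] == b"MZ" and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"
    strings = {m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{6,}", data)}
    utf8_name = info.flag_bits & 0x800
    return {
        "name": info.filename,  # as zipfile decoded it
        "name_fixed": info.filename if utf8_name else undo_oem_mojibake(info.filename),
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": is_pe,
        "dos_stub": DOS_STUB in data,
        "fso": "Scripting.FileSystemObject" in strings,
        "apis": sorted(API_WATCHLIST & strings),
        "urls": [s[4:] for s in strings if s.startswith("URL=")],
    }


def analyze_zip(zip_bytes):
    with zipfile.ZipFile(BytesIO(zip_bytes)) as zf:
        return [analyze_member(i, zf.read(i)) for i in zf.infolist()]


if __name__ == "__main__":
    for row in analyze_zip(build_sample()):
        print(f"{row['name_fixed']}  size={row['size']}  pe={row['is_pe']}")
        print(f"  md5={row['md5']}  sha256={row['sha256']}")
        print(f"  apis={row['apis']}  fso={row['fso']}  urls={row['urls']}")
```

When run against a real archive, read the bytes of the zip instead of build_sample() and keep the original decoded name next to the fixed one: the hashes identify the file regardless of its name, but only the cp437/cp866-reversed name tells you what the file called itself.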