Cryptam // document analysis


Sample Details

original filename: 01_TEST.xlsx

size: 134396 bytes
submitted: 2018-04-12 05:28:01
md5: e7d71f56aa9301322540c9c620a553b5
sha1: 29a75c5b942dd98e3099c8145a97661cb3ca7d30
sha256: 488e4ce285f05efeafd87aa572660bbecd51a94815d3b78e72767f2b01dc9678
ssdeep: 3072:p6HnNjSDfMd4Bon9OFa/I/HgaFp3WtWomALro0Ejqpo:p6HnBxHeg4NomA4BGpo
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [42]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin 52c7a2d7b861368337e7e6c45e7330eb
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.2767: string.This program cannot be run in DOS mode
oleObject1.bin.49621: string.LoadLibraryA
oleObject1.bin.49603: string.GetProcAddress
oleObject1.bin.49693: string.KERNEL32
oleObject1.bin.dropped.file exe 043250c2db4cb915f1cc4abe38c2adae / 140671 bytes / @ 2689


Dropped Files

oleObject1.bin at zip
md5: 52c7a2d7b861368337e7e6c45e7330eb
sha1: 9abb4adfc3fa5dfb866418c9839195b1010ae66d
sha256: 976bcfd24251139267f1be4c517470aeb0a9d8f7b1bacfd4fa9c6d1d3624782f

exe at 2689
md5: 043250c2db4cb915f1cc4abe38c2adae
sha1: 1bd3a081868758d2943336b910e9dd05be2083d4
sha256: d64bfa4f3d44a0a06bbb7c5b1563eed454f7b04f79d1c2359e7ade6a37138d00
imphash: b4466982c9bbae607de79978a9b9a32e