Cryptam // document analysis
Sample Details

original filename: 8657b5007d1aa1ec84314c386dcc6555.1

size: 1197122 bytes
submitted: 2018-02-09 18:34:01
md5: 8657b5007d1aa1ec84314c386dcc6555
sha1: 328a11abe75ebd9cc3a82100207ba3670c35fdf9
sha256: 5936f9a22b2fca3881953e8d583c9886ecd9cdb673b9582d0effffd97d95b87a
ssdeep: 12288:ZbwbSbZDzU+nxBCZV0T8kZxTrpmDDPMycK3RqZxhynEcSKq229qR3qgN1xz7Ynh:Z0+FvU+uZVk8kXSqhynEcSKX3xih
content/type: data
analysis time: 64.35 s
result: malware [85]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file datastore-14 6d54020de5e555b5389b578f782cd2c5
datastore-14.embedded.file activeX37.xml 93d2b180df5ec8102767e9e19d2605d8
datastore-14.activeX37.xml.21: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-14.embedded.file activeX1.bin f7971aa425ee0c86bb9464ef5900533e
embedded.file datastore-129235 6d54020de5e555b5389b578f782cd2c5
datastore-129235.embedded.file activeX37.xml 93d2b180df5ec8102767e9e19d2605d8
datastore-129235.activeX37.xml.21: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-129235.embedded.file activeX1.bin f7971aa425ee0c86bb9464ef5900533e
embedded.file datastore-258456 a64c34b21bc3423dbb0e8d4d228bfcee
datastore-258456.embedded.file activeX37.xml 93d2b180df5ec8102767e9e19d2605d8
datastore-258456.activeX37.xml.21: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-258456.embedded.file activeX1.bin f7971aa425ee0c86bb9464ef5900533e
415: obfuscation.office RTF embedded Word Document
413384: string.This program cannot be run in DOS mode
434727: string.ExitProcess
dropped.file exe 013b9000d5db005e46208df2e98b57f1 / 783816 bytes / @ 413306
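The signature chain above shows how Cryptam reached the exploit marker: each RTF object (datastore-14, datastore-129235, datastore-258456) unpacks to an OOXML package, the package carries word/activeX/activeX37.xml plus an activeX1.bin control stream, and the XML's classid attribute matches the MSCOMCTL.OCX TabStrip control that CVE-2012-1856 abuses. The script below is an added example of that triage step in Python; it is not Cryptam's code and the sample it scans is constructed inline. It unhexes every \objdata run, carves the first zip container out of the OLE1 payload, and reports any ActiveX part whose classid matches the wanted GUID. The TabStrip CLSID itself is not printed on this page: the value used is the one published for that control and is an assumption of the example, so swap in whatever GUID your own case calls for.

```python
import io
import re
import zipfile

# CLSID of the MSCOMCTL.OCX TabStrip control targeted by CVE-2012-1856.
# Assumption: the report names the control but does not print the GUID; this
# is the published value for it, not a value taken from the page.
TABSTRIP_CLSID = "1EFB6596-857C-11D1-B16A-00C0F0283628"

# \objdata is followed by a run of hex digits, normally wrapped across lines.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
CLSID_RE = re.compile(
    rb'classid="\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?"')


def extract_objdata(rtf: bytes) -> list:
    """Return the decoded binary payload of every \\objdata run in the RTF."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexrun = re.sub(rb"\s+", b"", m.group(1))
        if len(hexrun) % 2:            # dangling nibble from an obfuscated run
            hexrun = hexrun[:-1]
        if hexrun:
            blobs.append(bytes.fromhex(hexrun.decode("ascii")))
    return blobs


def carve_zip(blob: bytes):
    """Open the first zip (OOXML package) found inside an object payload.
    The OLE1 wrapper in \\objdata precedes the file, so the package is located
    by its local-file signature instead of being parsed from offset 0."""
    pos = blob.find(b"PK\x03\x04")
    while pos != -1:
        try:
            return zipfile.ZipFile(io.BytesIO(blob[pos:]))
        except zipfile.BadZipFile:
            pos = blob.find(b"PK\x03\x04", pos + 4)
    return None


def scan_rtf(rtf: bytes, clsid: str = TABSTRIP_CLSID) -> list:
    """List every word/activeX/*.xml part of an embedded package whose classid
    equals `clsid` (case-insensitive), mirroring the chain
    embedded.file -> activeX37.xml -> classid signature in the report."""
    hits = []
    for obj_index, blob in enumerate(extract_objdata(rtf)):
        zf = carve_zip(blob)
        if zf is None:
            continue
        for name in zf.namelist():
            if not (name.startswith("word/activeX/") and name.endswith(".xml")):
                continue
            for m in CLSID_RE.finditer(zf.read(name)):
                found = m.group(1).decode("ascii").upper()
                if found == clsid.upper():
                    hits.append({"object": obj_index, "part": name, "classid": found})
    return hits


def build_sample_rtf() -> bytes:
    """Constructed test input (not the sample from the report): an RTF with one
    \\objdata object whose payload is a tiny OOXML package carrying an ActiveX
    part that references the TabStrip CLSID."""
    activex_xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<ax:ocx xmlns:ax="http://schemas.microsoft.com/office/2006/activeX" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" '
        'ax:classid="{%s}" ax:persistence="persistStreamInit" r:id="rId1"/>'
        % TABSTRIP_CLSID.lower())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/activeX/activeX37.xml", activex_xml)
        zf.writestr("word/activeX/activeX1.bin", b"\x00" * 64)  # opaque control data
    # Stand-in for the OLE1 object header that precedes the file in \objdata.
    payload = b"\x01\x05\x00\x00\x02\x00\x00\x00" + b"Package\x00" + buf.getvalue()
    hexdata = payload.hex().encode("ascii")
    wrapped = b"\r\n".join(hexdata[i:i + 64] for i in range(0, len(hexdata), 64))
    return b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata " + wrapped + b"}}}"


if __name__ == "__main__":
    for hit in scan_rtf(build_sample_rtf()):
        print("object %d: %s classid %s" % (hit["object"], hit["part"], hit["classid"]))
```

Only the first zip per object is opened: once a package has been located, the later PK\x03\x04 signatures inside it belong to its own members and would be misread as further containers. Real samples of this family often split the hex across many lines or pad it with stray control words, which is why the hex run is normalised before decoding.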


Cryptanalysis


key length: 4 bytes
key:

occurrences in file: 25704
entropy: 100.00%
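The cryptanalysis block reports a 4-byte key but prints no key value, and the earlier hits place the dropped executable at offset 413306 with the DOS stub message at 413384, which is 413306 + 0x4E, exactly where that string sits in a standard DOS header; the 783816-byte image also runs to the very end of the 1197122-byte file. The script below is an added example, not Cryptam's implementation, of how such a short repeating XOR key is recovered by known plaintext and the executable carved: at every offset it assumes the stub message sits there, derives the key bytes that would make it so, verifies the key over the rest of the message, walks back to the MZ header, checks e_lfanew lands on PE\0\0, and trims the image to the end of its last section. The key and the container it searches are constructed for the example; the report's actual key is not known from this page.

```python
import struct

DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: bytes, start: int = 0) -> bytes:
    """XOR `data` with a repeating `key` whose period is counted from absolute
    file offset 0; `start` is the absolute offset of data[0]."""
    k = len(key)
    return bytes(b ^ key[(start + i) % k] for i, b in enumerate(data))


def candidate_keys(blob: bytes, key_len: int):
    """Known-plaintext search: at each offset assume the DOS stub message sits
    there, derive the key_len key bytes that would make it so, and yield the
    key only if it also decrypts the rest of the message."""
    n = len(DOS_STUB)
    for off in range(len(blob) - n + 1):
        key = bytearray(key_len)
        for i in range(key_len):
            key[(off + i) % key_len] = blob[off + i] ^ DOS_STUB[i]
        # cheap filter on the first byte beyond the key period before a full check
        if blob[off + key_len] ^ key[(off + key_len) % key_len] != DOS_STUB[key_len]:
            continue
        if xor_bytes(blob[off:off + n], key, off) == DOS_STUB:
            yield off, bytes(key)


def locate_pe(blob: bytes, stub_off: int, key: bytes):
    """Walk back from the stub message to the MZ header that owns it and
    confirm e_lfanew points at a PE\\0\\0 signature. Returns the absolute
    offset of the MZ header, or None."""
    lo = max(0, stub_off - 0x100)
    head = xor_bytes(blob[lo:stub_off], key, lo)
    mz = head.rfind(b"MZ")
    while mz != -1:
        base = lo + mz
        if base + 0x40 <= len(blob):
            dos = xor_bytes(blob[base:base + 0x40], key, base)
            e_lfanew = struct.unpack_from("<I", dos, 0x3C)[0]
            sig_off = base + e_lfanew
            if e_lfanew < 0x100000 and sig_off + 4 <= len(blob) and \
                    xor_bytes(blob[sig_off:sig_off + 4], key, sig_off) == b"PE\0\0":
                return base
        mz = head.rfind(b"MZ", 0, mz)
    return None


def pe_raw_size(pe: bytes) -> int:
    """On-disk size from the section table: the furthest raw-data end."""
    try:
        e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
        nsect = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
        opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
        table = e_lfanew + 24 + opt_size
        end = table + 40 * nsect
        for i in range(nsect):
            raw_size, raw_ptr = struct.unpack_from("<II", pe, table + 40 * i + 16)
            end = max(end, raw_ptr + raw_size)
        return end
    except struct.error:          # truncated header: keep everything we have
        return len(pe)


def carve_xor_pe(blob: bytes, key_len: int = 4):
    """Find the first PE hidden under a key_len-byte XOR key and return its
    offset, the key and the decrypted image (None if nothing verifies).
    An all-zero key means the PE was embedded in the clear."""
    for stub_off, key in candidate_keys(blob, key_len):
        base = locate_pe(blob, stub_off, key)
        if base is None:
            continue
        dec = xor_bytes(blob[base:], key, base)
        return {"offset": base, "key": key, "pe": dec[:min(pe_raw_size(dec), len(dec))]}
    return None


def build_test_pe() -> bytes:
    """Constructed PE-shaped buffer (not a runnable program): DOS header with
    the stub message at 0x4E, PE signature at 0x80, one section at 0x200."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    dos[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    section = b".text\0\0\0" + struct.pack("<IIII", 0x40, 0x1000, 0x40, 0x200) + bytes(16)
    header = (bytes(dos) + coff + bytes(0xE0) + section).ljust(0x200, b"\0")
    return header + bytes(range(0x40))


def build_test_container(key: bytes, pe_offset: int = 1000) -> bytes:
    """Constructed input: RTF-looking filler, then the test PE XORed with `key`
    (key period aligned to file offset 0, as the carver assumes)."""
    filler = (b"{\\rtf1\\ansi\\deff0 filler text }" * 40)[:pe_offset]
    return filler + xor_bytes(build_test_pe(), key, pe_offset)


if __name__ == "__main__":
    found = carve_xor_pe(build_test_container(b"\x5a\xa5\x3c\xc3"))
    print("offset %d key %s size %d" % (found["offset"], found["key"].hex(), len(found["pe"])))
```

Because the key is stored aligned to file offset 0 it can be compared directly with a tool that reports keys the same way; a key recovered relative to the PE start is the same bytes rotated by offset mod key length. The section-table trim matters when the executable does not end at EOF, as it happens to here, but also when the dropper appends its own data after the last section.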


Dropped Files

activeX37.xml at oxml
md5: 93d2b180df5ec8102767e9e19d2605d8
sha1: a4653e3b23480c14c3cfcd316d1d83481c135a0f
sha256: ab1a8144ffbd4f2403149e37ed31e49837ec9c8e792e1206035753fb976ddc3d

activeX1.bin at oxml
md5: f7971aa425ee0c86bb9464ef5900533e
sha1: 4bbc4f4ee3401c0776a0f7c76beb449ea0bdf273
sha256: a8faba39bebaf948e3aa88725a78fd8fb7bdf6d66c95481ef80e327de94bd050

datastore-258456 at rtf
md5: a64c34b21bc3423dbb0e8d4d228bfcee
sha1: 8d185fb1144b099889a13556c11c03afa3a86f42
sha256: ef30b2192e1913059236f0bd16ec8663c5eb02de792ba1e956c252e35f0e5ce3

exe at 413306
md5: 013b9000d5db005e46208df2e98b57f1
sha1: 24e8b7b73627f89e8db503d8044a8cbb72160c46
sha256: 2af5c11a9ec99f9973accac9cbac1c2b53e89f6cde74133f180270248a4ed3ae