Cryptam // document analysis


Sample Details

original filename: oleObject1.bin

size: 207872 bytes
submitted: 2017-06-14 03:48:03
md5: 5b693b80d0a50914d11d396d6fdb75af
sha1: 04b195a339a049b35dafa39c9e51b9f18c35d85d
sha256: 5b141ecb71f81c2aed4339a4851befec0536d2ee4eae1c1abe957476d2a3661c
ssdeep: 3072:rErMEDi9nIjSs4Ioycodk89fWFzBrwWtRJMCuodJUu40UCzPcVV:4Z2xssYdD9fWFV7tH0odn41CDc
content/type: Composite Document File V2 Document, No summary info
analysis time: 6.09 s
result: malware [12]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
4349: string.This program cannot be run in DOS mode
dropped.file exe 98872a1cd163e94fb676fb001e501107 / 119292 bytes / @ 4271
dropped.file exe 1ae0f0f72863d29e4fe18e17f82b524e / 84309 bytes / @ 123563


Dropped Files

exe at 4271
md5: 98872a1cd163e94fb676fb001e501107
sha1: 816a868680702641b58ee6b661e11229dde4bf6b
sha256: 2b55e6c9638694616485545c6c257c04f695ba03e10d4359026a803e4e34137a

exe at 123563
md5: 1ae0f0f72863d29e4fe18e17f82b524e
sha1: dd4ab2cbc6c9f53aa21a89da5b1d16bb2264502f
sha256: 2001fa1a3eb8e05a3e6d9c1d07ababa7fe52d2f2930ffa17002cdf59b5b462b6