Cryptam // document analysis


Sample Details

original filename: csgraber.zip

size: 347216 bytes
submitted: 2017-03-16 00:02:05
md5: 0159e07a6f5cf8754344abd8523c5fe6
sha1: e4d0d129493224435987ada24a1548d2e3c77007
sha256: 631c29449fbb3367fce2b260696699f4a85792e521a11f6eb331ac455cb2b6b6
ssdeep: 6144:/J1GRZkPv2AKFFAd0ITlvAQNK2CIrN71AgwaraTq2Uj1hIks1b1J:xcRZkPOl340ITlvAQNKq7agwf41h7C
content/type: Zip archive data, at least v2.0 to extract
analysis time: 0.00 s
result: malware [90]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file csgraber.zip 0fed26d4620c6763f448983448f5eae0
csgraber.zip.embedded.file csgraber.zip e9b7ede15e12dbb74fd94d36b4974b64
csgraber.zip.csgraber.zip.embedded.file csgraber.exe 2d192d41d751ca05e0c5a8d6116d6ef1
csgraber.zip.csgraber.zip.csgraber.exe.78: string.This program cannot be run in DOS mode
csgraber.zip.csgraber.zip.csgraber.exe.25094: string.LoadLibraryA
csgraber.zip.csgraber.zip.csgraber.exe.24434: string.GetModuleHandleA
csgraber.zip.csgraber.zip.csgraber.exe.24714: string.GetCommandLineA
csgraber.zip.csgraber.zip.csgraber.exe.24762: string.GetProcAddress
csgraber.zip.csgraber.zip.csgraber.exe.24572: string.CloseHandle
csgraber.zip.csgraber.zip.csgraber.exe.22008: string.user32.dll
csgraber.zip.csgraber.zip.csgraber.exe.25450: string.KERNEL32
csgraber.zip.csgraber.zip.csgraber.exe.20815: string.ExitProcess


Dropped Files

csgraber.zip at zip
md5: 0fed26d4620c6763f448983448f5eae0
sha1: c609fb95eef8334a4ddd73d22c4c486be921865a
sha256: 890a059b43cbe65678722dc4efab231954abe39f4f735056e542868d629afb55

csgraber.zip at zip
md5: e9b7ede15e12dbb74fd94d36b4974b64
sha1: 41e15b310c899b47cca2a349043e0697882d996a
sha256: b2f9e21fd9e8a8186f2a0f1dbff6f2a45256723f6151f0fe420c896582a44862

csgraber.exe at zip
md5: 2d192d41d751ca05e0c5a8d6116d6ef1
sha1: 772efcf06daefdb35ee428faabe5478729d4969f
sha256: affe5aac9c91831e2a591c7f37d198566ba13d209e5bc4ad4fac13eb9e50f1c3