Cryptam // document analysis


Sample Details

original filename: speech.doc

size: 158854 bytes
submitted: 2014-01-22 10:04:45
md5: f4cbfe4f2ddf3f599984cf6d01c1b781
sha1: 445959611bc2480357057664bb597c803a349386
sha256: 6a70e797617bb8958bfbe94a42374447e3859c6b4ef1e108d43a30b5db74480b
ssdeep: 1536:KgyNLrsGpdccCBOdK4TaC5V7dMorYjTBGI:ONPsGpe4TaCf7c
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.49 s
result: malware [100]
embedded executable: found

signature hits:

30670: string._gcc_except_tab__TEXT
32146: string.CoreServices.framework
32626: string.CoreFoundation.framework
109285: string.pthread_create
70271: string.dyld__mach_header
32522: string./usr/lib/libSystem
31906: string./usr/lib/dyld
30294: string.__PAGEZERO
32470: string./usr/lib/libgcc_s
70419: string.__mh_execute_header
dropped.file macho 8f46fde35fa68ce706e7d23900dfd30e / 49152 bytes / @ 26162
dropped.file macho a5b0daba03b04ad3e94af0164fc2806c / 46676 bytes / @ 75314
dropped.file doc 41cdea75305fea2fced6ba6a265f7f8a / 36864 bytes / @ 121990


Dropped Files

macho at 26162
md5: 8f46fde35fa68ce706e7d23900dfd30e
sha1: f0f089139de271dc66d3bb96984251918de0f96e
sha256: 5f664c216a2405a69a63922f5bbf4ef65bb1444210164fa2f6b2a1920fa23bbc

macho at 75314
md5: a5b0daba03b04ad3e94af0164fc2806c
sha1: dc684567c9a5b0532d7390e0cfcee65ca0f6d4ee
sha256: 7f157b9dcf082fe10e71bddec1eb0ea8cf855c6a92754e22c3618046d492f18c

doc at 121990
md5: 41cdea75305fea2fced6ba6a265f7f8a
sha1: 04d9b3b6e59e93b86ae36052e55fa1e07a030b25
sha256: 4d7e21efffb57dbb50e22fdd485792a733139e291471710f6abcec10e9557489