Cryptam // document analysis


Sample Details

original filename: oleObject1.bin

size: 962560 bytes
submitted: 2017-03-15 19:32:14
md5: 8afcce1dab780390aabf1ac1e33843d7
sha1: bfae9cacccdc13d067e320d509474e984f3902a1
sha256: 6c8135ea4fd15e99bd4c5a155f34196d171606365cfcffd09c69cf90d529dc4d
ssdeep: 24576:/2O/GlVdN/qIH+xixS9R57AMkycLZpNG:SNiIHr29/qZpk
content/type: Composite Document File V2 Document, No summary info
analysis time: 3.75 s
result: malware [72]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
9929: string.This program cannot be run in DOS mode
91461: string.GetSystemMetrics
90683: string.GetProcAddress
89997: string.CloseHandle
90125: string.CreateFileA
91289: string.KERNEL32
90639: string.ExitProcess
dropped.file exe 6a60ad323552082bfee949c2d9364fd7 / 952709 bytes / @ 9851


Dropped Files

exe at 9851
md5: 6a60ad323552082bfee949c2d9364fd7
sha1: c5a56e9a554a005e5b412e59d2300889cd834ae8
sha256: 15758f44a80879e2b6c36b6e1ddd676a41f36b68797c0f20e07d2d5c58f4ff68