Cryptam // document analysis


Sample Details

original filename: Details.doc

size: 269824 bytes
submitted: 2017-10-07 19:23:11
md5: 63510495a2243e8c70b1c2b4223ccbb3
sha1: 7526b85315fe2151df5d43e6d1fc308f8ce42dd9
sha256: 6e5e2fb4b7473120f772c8c89d79a5480919240d778731abb08cfa254050896f
ssdeep: 3072:epbo/jS++UbMnjd/dzXDXf+ieT6EMFbgX/iVb17pomt3KhH4dFEREE1CG4uM4sZl:eZ6BMnrypeEmbSIuQ6KFdf2kcq41P+
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 39.31 s
result: malware [42]
embedded executable: found

signature hits:

10320: suspicious.office Packager ClassID used by CVE-2014-6352 C
14089: string.This program cannot be run in DOS mode
124675: string.GetSystemMetrics
126295: string.GetProcAddress
124692: string.user32.dll
dropped.file exe 7fc49a462fdcb8670e7ed3ed705e78f8 / 255813 bytes / @ 14011


Dropped Files

exe at 14011
md5: 7fc49a462fdcb8670e7ed3ed705e78f8
sha1: a912084471025c3a23efb47238133a03362b89b4
sha256: 6427286e1f085398585118d39b2066e8cf2e300168b395e065b44d4fca7c7092