Cryptam // document analysis


Sample Details

original filename: KP-px 05.doc

size: 658100 bytes
submitted: 2017-09-09 12:21:23
md5: 1f01b9e6e4211975dbf25a39270cf80e
sha1: e97b3154c01ea928a28bcf0f2787318301dd4759
sha256: 72c38ae41ad640993bd333bfe96a38e5bf41b46029fdeb84533033104a4bb368
ssdeep: 12288:3toNM31Ofm4Ft4K+aX0yhPkX6CaoYjgycfwmdWwORnSlqV:3Q+1OOQ6havPGK1wtdWwORn2qV
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [72]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin 5e8c94204ca6c9b7ac329e830bb8fd0e
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.7866: string.This program cannot be run in DOS mode
oleObject1.bin.89398: string.GetSystemMetrics
oleObject1.bin.88620: string.GetProcAddress
oleObject1.bin.87934: string.CloseHandle
oleObject1.bin.88062: string.CreateFileA
oleObject1.bin.89226: string.KERNEL32
oleObject1.bin.88576: string.ExitProcess
oleObject1.bin.dropped.file exe 5982d14f8b5b3c04f32c8be029496d2a / 682900 bytes / @ 7788


Yara Tags

winrar_sfx

Dropped Files

oleObject1.bin at zip
md5: 5e8c94204ca6c9b7ac329e830bb8fd0e
sha1: 7fcd989269a1672c1aaa7e1e124b6a0858e1cc83
sha256: 0e7502e65238bad08d82fdd482cb9e9e52778624cea832f52244df4185a87e3a

exe at 7788
md5: 5982d14f8b5b3c04f32c8be029496d2a
sha1: 681323360b43d691cd2e02bf968bd43194da5707
sha256: c50840054aa2e6a277ba293137a90e80113dded3f82c44e65026623bee2d8b32
imphash: 3c98c11017e670673be70ad841ea9c37