Cryptam // document analysis
Sample Details

original filename: 7961edc4e18523d0d7edb23ef06f897c5b4740a8b26cd000035e8de138e06e6c

size: 823561 bytes
submitted: 2014-03-18 20:20:02
md5: 0f765671a844190d74e985410fe31e8e
sha1: 50bd45b9c6fbc3f0fe8095af63d1087b70726884
sha256: 7961edc4e18523d0d7edb23ef06f897c5b4740a8b26cd000035e8de138e06e6c
ssdeep: 24576:+3XsmPAAc1fcvteCYQ9+VPKjTLj4AOUpL5RKvY:qPPAAofweqaPkj4KxkY
content/type: data
analysis time: 73.84 s
result: malware [90]
embedded executable: found

signature hits:

7716: exploit.office MSO MSCOMCTL.OCX RCE CVE-2012-0158 I
8223: exploit.office MSO MSCOMCTL.OCX RCE CVE-2012-0158 J
9371: string.This program cannot be run in DOS mode
29231: string.LoadLibraryA
29245: string.GetProcAddress
29149: string.KERNEL32
29305: string.ExitProcess
dropped.file exe cb82723b09271be65e1233769ed48c63 / 814268 bytes / @ 9293
Yara Tags

theme_MH370
mime_mso
apt_north_beaver_wmonder_vidgrab

Cryptanalysis
key length: 256 bytes
key:

occurrences in file: 48
entropy: 99.61%
Dropped Files

exe at 9293
md5: cb82723b09271be65e1233769ed48c63
sha1: e792bf1d782b006f638ec40396cba189a7ca9261
sha256: 999e0704d528f6f28c761eaecde45699eba5680ae3f20efd4a47ac662518048b