Cryptam // document analysis


Sample Details

original filename: 9f5e78ca91acb17c3ab84738c5f6887e171e2d32

size: 55378 bytes
submitted: 2018-02-08 23:00:03
md5: 9ec493cad02b25a31dd123b94f2ae670
sha1: 9f5e78ca91acb17c3ab84738c5f6887e171e2d32
sha256: 860042638447964e9e6e32fc36fcd017b799a3b05706c51a50c700542f17de37
ssdeep: 1536:axatRPxKoUfr6eU/uoKwUOidAfYn21MPQZkqI81QH6Lei:LYr6j//KwUOidAfMpGI/aKi
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [62]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin a54cec4f0ad0d9eab2a529671b592e6a
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.3817: string.This program must be run under Win32
oleObject1.bin.10797: string.GetModuleHandleA
oleObject1.bin.11089: string.CloseHandle
oleObject1.bin.11075: string.CreateFileA
oleObject1.bin.11135: string.shell32.dll
oleObject1.bin.10711: string.ExitProcess
oleObject1.bin.dropped.file exe 59e41ea7ca7ea3b0712fbf1c60c0dccd / 145767 bytes / @ 3737


Dropped Files

oleObject1.bin at zip
md5: a54cec4f0ad0d9eab2a529671b592e6a
sha1: 2384ac1907c34253e38b78bdbb9c5aa5d100744f
sha256: 0df2a2e0c1f9e8d771b70c3e87d6ede9c7804ef3374f469d9e00e77532d24dcf

exe at 3737
md5: 59e41ea7ca7ea3b0712fbf1c60c0dccd
sha1: aa5087b5a78907f97c16f4aa71acc57da3bdbc92
sha256: 7499bfacd0a8b4fd457acfdfd6412813b9ece6103b384d350d39d1db87b74ddb
imphash: d59a4a699610169663a929d37c90be43