Cryptam // document analysis


Sample Details

original filename: oleObject1.bin

size: 883712 bytes
submitted: 2017-03-16 00:42:09
md5: 5958ff05267f6487d3ae7cf1e78ee859
sha1: 351db31105592e6d851e1be4d872e57646c80d6b
sha256: 8d5b0c9e1b88056f1fdb25e45ddc7210ce44f485a351a9d9301da5b680c8031b
ssdeep: 12288:XK2mhAMJ/cPlLoEDrnbDpYP9e51pEVzMW2eNQ8h7UH16kyc3HS4Mr2TWA/pw8Xfj:a2O/GlLVnbD0eWNz2eR7AMkycLZpN7
content/type: Composite Document File V2 Document, No summary info
analysis time: 4.66 s
result: malware [72]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
9445: string.This program cannot be run in DOS mode
90977: string.GetSystemMetrics
90199: string.GetProcAddress
89513: string.CloseHandle
89641: string.CreateFileA
90805: string.KERNEL32
90155: string.ExitProcess
dropped.file exe a63c6279cec68f20ddd34594353c7220 / 874345 bytes / @ 9367


Dropped Files

exe at 9367
md5: a63c6279cec68f20ddd34594353c7220
sha1: fb68739b67848363c10b44725b36ea54e3913919
sha256: 801934cfd587645af9d718d278175d4f7209b58364134f8427c5c4bac46bb50e