Cryptam // document analysis



Sample Details

original filename: e0b76ec79337828b6fe05988d4d8530e.1

size: 487125 bytes
submitted: 2018-02-09 18:35:28
md5: e0b76ec79337828b6fe05988d4d8530e
sha1: 8fdc7f41c29db64c6aef8ab085217321aeccb021
sha256: 8fc96e91e56faf3d032ea2691fd663c059c0d81fe770a592a34240284702e312
ssdeep: 6144:2v45TqVGsGGe8pyqMGq5zkeeOie4Zifq5cq:2v4VqssTkNGq5zkICQfq53
content/type: Rich Text Format data, version 1, unknown character set
analysis time: 17.23 s
result: malware [12]
embedded executable: found

signature hits:

5623: obfuscation.office RTF embedded Word Document
121363: string.This program cannot be run in DOS mode
dropped.file exe 0b541cfc6e526e68cd03b3abf939faf7 / 365840 bytes / @ 121285


Cryptanalysis


key length: 4 bytes
key:

occurrences in file: 6
entropy: 100.00%


Dropped Files

exe at 121285
md5: 0b541cfc6e526e68cd03b3abf939faf7
sha1: 994cb9e99aff59abd11b28cda6ed24ec571c6d93
sha256: a158a9f1190fe4193d9bf2e8d8c3185a5f8fa7fae349f7b70c98c57d550e9674