Cryptam // document analysis


Sample Details

original filename: /1/9/1/91b1c29f04b01865660847472f19541f5b14712bf5626a0e0e143a7b8867df0b.file

size: 4281089 bytes
submitted: 2018-02-09 20:36:12
md5: cde85bcd2b3c6dc064f29c717ce5e530
sha1: c549a1b2195e8c503a5cfa3c7acc61ddbb534bcf
sha256: 91b1c29f04b01865660847472f19541f5b14712bf5626a0e0e143a7b8867df0b
ssdeep: 98304:znYr58ltW5V6SB8FexfGv8NWC6EMMBX4PT0:DYt8IFGv8NFtMAX4A
content/type: Zip archive data, at least v2.0 to extract
analysis time: 0.00 s
result: malware [160]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file ClassyMS.exe 9699da27f1d55c40f39874a7af5c3cc2
ClassyMS.exe.78: string.This program cannot be run in DOS mode
ClassyMS.exe.9909448: string.LoadLibraryA
ClassyMS.exe.9909642: string.GetModuleHandleA
ClassyMS.exe.9909774: string.GetCommandLineA
ClassyMS.exe.9909430: string.GetProcAddress
ClassyMS.exe.9908992: string.CreateProcessA
ClassyMS.exe.9909356: string.EnterCriticalSection
ClassyMS.exe.9910528: string.GetEnvironmentVariableA
ClassyMS.exe.9910376: string.CloseHandle
ClassyMS.exe.9910242: string.CreateFileA
ClassyMS.exe.9908680: string.RegOpenKeyExA
ClassyMS.exe.7610500: string.user32.dll
ClassyMS.exe.9911448: string.shell32.dll
ClassyMS.exe.7607404: string.KERNEL32
ClassyMS.exe.9909810: string.ExitProcess
ClassyMS.exe.9911836: string.CreateWindowExA
ClassyMS.exe.dropped.file exe 93093bb676614c9c96c6ca33fe71cf38 / 1149870 bytes / @ 8770642


Dropped Files

ClassyMS.exe at zip
md5: 9699da27f1d55c40f39874a7af5c3cc2
sha1: 60bcd5a1b136880f76efd6bbcd9c8bb1b1423ee1
sha256: f369829df7ef33ddf215d3d4ff01abf6700979c2fcd2b3ea1da589f6bbb8ab12
exe at 8770642
md5: 93093bb676614c9c96c6ca33fe71cf38
sha1: 9267f5cb0e000491e28793eb5f92397ebbf0c2f1
sha256: c1e0a026dfebfacd8fdef4f70ad1c95e728a9eaccb9cf1244ec9b31ffdd24e81