Cryptam // document analysis



Sample Details

original filename: 7f9da5fc8d94ccd5fb6fedba9c004f9c.1

size: 832793 bytes
submitted: 2018-02-09 18:53:18
md5: 7f9da5fc8d94ccd5fb6fedba9c004f9c
sha1: febee02537bebad23058ff4cc0940c2455f9e01c
sha256: 96657ef37b03910cf8f9fe5c04cbdfacf404df06d4af49389a9b9e86fe0d6d3b
ssdeep: 12288:b2weAzC1QcIoNLz6ElJKKJPRtme12s3vhz8//VYWqH9JkF9R+n:5eKvcI4z6CUC5td12s3vhgnY9JkPR+n
content/type: Rich Text Format data, version 1, unknown character set
analysis time: 12.00 s
result: malware [70]
embedded executable: found

signature hits:

30817: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 B
42529: exploit.office RTF memory corruption listoverridecount CVE-2012-2539 CVE-2014-1761
42528: exploit.office RTF memory corruption listoverridecount CVE-2014-1761
69717: string.This program cannot be run in DOS mode
dropped.file exe fe4468568b9df9bec667c6ad74a5924b / 763154 bytes / @ 69639


Cryptanalysis


key length: 4 bytes
key:

occurrences in file: 63
entropy: 100.00%


Dropped Files

exe at 69639
md5: fe4468568b9df9bec667c6ad74a5924b
sha1: f36e90db78429d0b1d80e36992c9fe30e5eeb38c
sha256: 7e4570aadbad98cb0e750e83571a3b7453f7cd1ca778613cda5bb14cf01c2038