Cryptam // document analysis


Sample Details

original filename: /1/9/7/9756b9c5f7515cddfe2743ae72ac22b08b4ee6282fbb4293231894881d6c9737.file

size: 3702562 bytes
submitted: 2017-04-16 06:32:06
md5: 9531c265cfa021892e4fc28e4ff41a1c
sha1: c7de3ecad87f5e46a0eebb95edc22c11bc31398a
sha256: 9756b9c5f7515cddfe2743ae72ac22b08b4ee6282fbb4293231894881d6c9737
ssdeep: 98304:D1yU6USFaYuY0q68dQltAmJeyYIYy7lI+AR6Ttb:DI7a06pqWu+6Eb
content/type: Zip archive data, at least v2.0 to extract
analysis time: 0.00 s
result: malware [140]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file REZ Injector by -Sp0ng3b0b-.exe 3ee6f7fa313afb8173cdee338973f741
REZ Injector by -Sp0ng3b0b-.exe.78: string.This program cannot be run in DOS mode
REZ Injector by -Sp0ng3b0b-.exe.1089712: string.LoadLibraryA
REZ Injector by -Sp0ng3b0b-.exe.1089958: string.GetModuleHandleA
REZ Injector by -Sp0ng3b0b-.exe.1090382: string.GetCommandLineA
REZ Injector by -Sp0ng3b0b-.exe.1092454: string.GetSystemMetrics
REZ Injector by -Sp0ng3b0b-.exe.1089694: string.GetProcAddress
REZ Injector by -Sp0ng3b0b-.exe.1089786: string.CreateProcessA
REZ Injector by -Sp0ng3b0b-.exe.1095774: string.EnterCriticalSection
REZ Injector by -Sp0ng3b0b-.exe.1089728: string.CloseHandle
REZ Injector by -Sp0ng3b0b-.exe.1090232: string.CreateFileA
REZ Injector by -Sp0ng3b0b-.exe.1093176: string.RegOpenKeyExA
REZ Injector by -Sp0ng3b0b-.exe.1091040: string.KERNEL32
REZ Injector by -Sp0ng3b0b-.exe.1092382: string.GetMessageA
REZ Injector by -Sp0ng3b0b-.exe.1091280: string.CreateWindowExA


Dropped Files

REZ Injector by -Sp0ng3b0b-.exe at zip
md5: 3ee6f7fa313afb8173cdee338973f741
sha1: 4fc023ad578519aa9c60c27b74299acab9cbaa8a
sha256: f93bb0e0ca01bbcbfac5960b3789f7a549ac29099744d8b26c70f6f6b72ccbf6