Cryptam // document analysis


Sample Details

original filename: BL Documents.docx

size: 486619 bytes
submitted: 2018-04-12 04:37:01
md5: f241163d07e52fdaf2dc52e6e11550a7
sha1: a874b1a46eaa59b865df8c1cba0614c7236821d7
sha256: 9f7e2a95bdacf5cb0d8e685071500d4041bd13a9785cb5b45ac06c04c3477466
ssdeep: 6144:nSQKtt9aEd/Y6rp/XtXvAhkQ5plG0Yf1TV9sy5CoPDsipQM+3of3pGo+X6v1OK:nSQKR1Y6rp/9fAhkQ3lfs9XPY2Go+q7
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [92]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin 1fe9e04143dff6f8113ce13da4491371
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.11010: string.This program cannot be run in DOS mode
oleObject1.bin.587992: string.LoadLibraryA
oleObject1.bin.592690: string.GetSystemMetrics
oleObject1.bin.588008: string.GetProcAddress
oleObject1.bin.593604: string.CreateProcessA
oleObject1.bin.589068: string.EnterCriticalSection
oleObject1.bin.576140: string.CloseHandle
oleObject1.bin.590162: string.KERNEL32
oleObject1.bin.540923: string.ExitProcess
oleObject1.bin.dropped.file exe 16fb9287f8f0a7d2cdcf930c187ec1a3 / 1098060 bytes / @ 10932


Dropped Files

oleObject1.bin at zip
md5: 1fe9e04143dff6f8113ce13da4491371
sha1: b18906e292ea95c78984539a2f8f9cc03a1b5657
sha256: cea0bb85051f0e5ccd47fd4bcbd9d98dcd38e1d718548835513933bcb79d445a

exe at 10932
md5: 16fb9287f8f0a7d2cdcf930c187ec1a3
sha1: 709a77fd19845c51ecc3c83ac7cb57a8cedc1eb1
sha256: a3708208152c20a48e0aecdef70320133930e8fb0c6999b7c801b80f96e5f0ac
imphash: d3bf8a7746a8d1ee8f6e5960c3f69378