Cryptam // document analysis


Sample Details

original filename: New Order.doc

size: 1115766 bytes
submitted: 2018-02-08 16:09:01
md5: 14bbf401a23b5e798ab456869df16429
sha1: b7a7bef5f50609e65c06a554244e8d964d35962c
sha256: b3e16b8b31d5f185d6097b55407fadf9263fb6d4302067daf421f0fb77b2744e
ssdeep: 24576:bdh2jLEbdNccvaMsmRPAfdXllIE6j1XnVzdg87QSl8+G0l5t+f:bnCji1AJllmFx6oGJ
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [12]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin eedaca42a0d3f9c59a10e0673d35be42
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.11963: string.This program cannot be run in DOS mode
oleObject1.bin.dropped.file exe 374e4dd3a060fc9e14baba1faad277fe / 1192851 bytes / @ 11885


Dropped Files

oleObject1.bin at zip
md5: eedaca42a0d3f9c59a10e0673d35be42
sha1: be1ccbcdbaebb3ea796ec6b84351de6b6ba138ef
sha256: 51c897d1b77faf8a3f99298f4ff77f55f46d8f8160c1ef11d201332b739cff3d

exe at 11885
md5: 374e4dd3a060fc9e14baba1faad277fe
sha1: 6d29079fbf41129897355ddbe140fcf6a80ca515
sha256: 4a1d5c9fcf8d9f1c6507c63b186d05ba2df2539d3e299413b1cf7cf31aa2281e
imphash: f34d5f2d4577ed6d9ceec516c1f5a744