Cryptam // document analysis


Sample Details

original filename: 1bccfa49b276bfea1f60550de720b434

size: 1068444 bytes
submitted: 2017-03-15 17:32:50
md5: 1bccfa49b276bfea1f60550de720b434
sha1: ce367faae6c62bc533f653b73cbfb2113e65f369
sha256: b95d2f4bd59db2865109b87014cd6b426f68a6802a4618b2556cc8545328ae89
ssdeep: 24576:8shygwmnaZQL7l+F6/6rQoGfztlxWHk5DiWsKNkJw1X42XOkrJ:8F/6V+prQoGbhb52Wnt4HkN
content/type: Zip archive data, at least v2.0 to extract
analysis time: 0.00 s
result: malware [90]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file XMen_Apocalypse.exe 5811ea0523735b927758dbbcb138deb6
XMen_Apocalypse.exe.78: string.This program cannot be run in DOS mode
XMen_Apocalypse.exe.1215212: string.LoadLibraryA
XMen_Apocalypse.exe.1214392: string.GetModuleHandleA
XMen_Apocalypse.exe.1214776: string.GetCommandLineA
XMen_Apocalypse.exe.1214458: string.GetProcAddress
XMen_Apocalypse.exe.1215056: string.GetEnvironmentVariableA
XMen_Apocalypse.exe.1214188: string.CloseHandle
XMen_Apocalypse.exe.1214490: string.KERNEL32
XMen_Apocalypse.exe.1214158: string.ExitProcess


Dropped Files

XMen_Apocalypse.exe at zip
md5: 5811ea0523735b927758dbbcb138deb6
sha1: 1d893b4d7739980049c36d27e42316ce57d44a0e
sha256: f829a33a471bfb694c480f19cfbbbdefdacb716887b718d277ab8abcf2a08336