Cryptam // document analysis


Sample Details

original filename: oleObject1.bin

size: 1167360 bytes
submitted: 2017-07-12 10:17:26
md5: 22aed247455475d7c16c0d4009eb62de
sha1: 0f5c58d70204b72437210cb92b8063017ea129a0
sha256: d1ec615e96ac6dbe1c866868d69c80421884a3c49b47125ccf25592f50cab47e
ssdeep: 24576:FnHmXRcdnvHi/pjrvTr+DL+2QL3VLQZQn:9EchiBO/+2QLlLaQ
content/type: Composite Document File V2 Document, No summary info
analysis time: 3.71 s
result: malware [72]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
11455: string.This program must be run under Win32
1162565: string.LoadLibraryA
1162579: string.GetProcAddress
1162527: string.user32.dll
1162515: string.shell32.dll
1162419: string.KERNEL32
1162639: string.ExitProcess
dropped.file exe 4e8f9ccc128ba64b8cde9c68b032e799 / 1155985 bytes / @ 11375


Dropped Files

exe at 11375
md5: 4e8f9ccc128ba64b8cde9c68b032e799
sha1: d70c33b2de099598ceaeb30c1465df178d27d02d
sha256: e077c81ddc47b4bf34cc98e34f018c8a1aac6e55a3eebec0ec2d8702708b841d