Cryptam // document analysis


Sample Details

original filename: oleObject1.bin

size: 1202688 bytes
submitted: 2017-04-16 14:14:10
md5: ea156984457ead7637e137d3e3eafb11
sha1: 44e26624cd9cba7d52d2f87792352be3f0edb79b
sha256: d36cc962e487f8c076fe9124352b5ccdb68f2cf810c4bfc57417f1c0290358b0
ssdeep: 24576:+iQMfPw3HL/Kxj+P0iATQposq93LJegeK1FlQ2TLRIHj:RlfPw3r/E+hnesq93L4KXfRIH
content/type: Composite Document File V2 Document, No summary info
analysis time: 3.22 s
result: malware [72]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
11967: string.This program must be run under Win32
1197461: string.LoadLibraryA
1197475: string.GetProcAddress
1197423: string.user32.dll
1197411: string.shell32.dll
1197315: string.KERNEL32
1197535: string.ExitProcess
dropped.file exe ae9e9448c444175afcb35ad75f4dbef9 / 1190801 bytes / @ 11887


Dropped Files

exe at 11887
md5: ae9e9448c444175afcb35ad75f4dbef9
sha1: 12d7c2d43e148894389ddc324bdecb0a9ee64a0e
sha256: d615da12cece3212c1510c7d25460abf8a57453f9c50bca9af8c4abe462fe7bc