Cryptam // document analysis


Sample Details

original filename: moet.zip

size: 42093 bytes
submitted: 2017-08-08 14:45:10
md5: c8872ae48c9474e01649a5953084a2c1
sha1: 6a90858c79c9463d68177f969b79283fe48d9c5c
sha256: d83e7308682f64524455ba345304ab371876ec4f625d19a929b2aa65f8192b28
ssdeep: 768:79JGjNfq2H0DadhtDio4g4KRGYcahblZGrVJW94f1MK/StDgr7Z7/04ht3EdR:SpqMhtDipQwDGpZGr3WXDg39Mw3g
content/type: Zip archive data, at least v2.0 to extract
analysis time: 0.00 s
result: malware [110]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file moet.exe 1adc33c2067cca9a2b99bc51df6c10a5
moet.exe.78: string.This program cannot be run in DOS mode
moet.exe.91210: string.LoadLibraryA
moet.exe.91480: string.GetModuleHandleA
moet.exe.91224: string.GetProcAddress
moet.exe.90974: string.CloseHandle
moet.exe.90950: string.CreateFileA
moet.exe.91812: string.RegOpenKeyExA
moet.exe.90900: string.user32.dll
moet.exe.76639: string.shell32.dll
moet.exe.90840: string.KERNEL32
moet.exe.91768: string.ExitProcess


Yara Tags

compression_aPLib

Dropped Files

moet.exe at zip
md5: 1adc33c2067cca9a2b99bc51df6c10a5
sha1: a4097e383965ebb8cbf6c70ebf599f69bb4f7fea
sha256: 361ca48742b967c4a4a2aa280adcd45e1616b0cbb98c8342b902c2386242abc0