Cryptam // document analysis



Sample Details

original filename: 10d26a22bc602fd41c081711343498b3.1

size: 324009 bytes
submitted: 2018-02-09 18:49:04
md5: 10d26a22bc602fd41c081711343498b3
sha1: babaf674abeb85733b896bdf119edc6412da365e
sha256: e9328f51c6c2bc601f4a5e2151d7cdd9e4fe2c49ed3690231af6ccbb896460c9
ssdeep: 6144:leWJu9WIACO9OUxJJC2+pQPlsDm753daoSKTKJowoy3Q3z:IWCrACdU8n8Wi7rnSKTqo1r
content/type: Rich Text Format data, version 1, unknown character set
analysis time: 11.11 s
result: malware [82]
embedded executable: found

signature hits:

62242: exploit.office cmd.exe shell command
32188: obfuscation.office RTF embedded Word Document
182964: string.GetModuleHandleA
115380: string.GetCommandLineA
114054: string.CloseHandle
179806: string.user32.dll
114760: string.KERNEL32
114518: string.ExitProcess


Cryptanalysis


key length: 1024 bytes
key:

entropy: 99.41%

