Cryptam // document analysis


Sample Details

original filename: oleObject1.bin

size: 856576 bytes
submitted: 2017-07-12 10:02:10
md5: 0332b68e3ec37b8d2332216ac341cf3f
sha1: 0a328326a7c234a94a949128132ce751a48af028
sha256: f501c95ee51efd5b381ce8ea169c9101def214063d5a2b451a17e615527de979
ssdeep: 12288:lhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aw9htw11VPq7zSzqv6S:zRmJkcoQricOIQxiZY1iaStwzpqv7v3
content/type: Composite Document File V2 Document, No summary info
analysis time: 3.36 s
result: malware [92]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
9505: string.This program cannot be run in DOS mode
586487: string.LoadLibraryA
591185: string.GetSystemMetrics
586503: string.GetProcAddress
592099: string.CreateProcessA
587563: string.EnterCriticalSection
574635: string.CloseHandle
588657: string.KERNEL32
539418: string.ExitProcess
dropped.file exe e9cab40086bdd2a78dfca7f616d99496 / 847149 bytes / @ 9427


Dropped Files

exe at 9427
md5: e9cab40086bdd2a78dfca7f616d99496
sha1: ef645b757622b2f99138924849398d8e18e57711
sha256: e28019a30a0c490ac4492ff4b6db44f54054d25d106ab7f0bb2f460916ff939a