Cryptam // document analysis


Sample Details

original filename: consignee.doc

size: 269824 bytes
submitted: 2017-10-07 19:24:09
md5: a7216ddd79ec34efd007b281fc87c2c5
sha1: 8e08697d52c97234da186da941a4dd39b1a09edd
sha256: fd7fd85d7a52b85c13f0038d62572c82b72186eab0672ac0d1e280269438b153
ssdeep: 3072:/cpbo/jS++UbMnjd/dzXDXf+ieT6EMFbgX/iVb17pomt3KhH4dFEREE1CG4uM4sL:kZ6BMnrypeEmbSIuQ6KFdf2kcq41P+
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 28.82 s
result: malware [42]
embedded executable: found

signature hits:

10320: suspicious.office Packager ClassID used by CVE-2014-6352 C
14089: string.This program cannot be run in DOS mode
124675: string.GetSystemMetrics
126295: string.GetProcAddress
124692: string.user32.dll
dropped.file exe e34178fdbe2653a60e65956a81eb15e5 / 255813 bytes / @ 14011


Dropped Files

exe at 14011
md5: e34178fdbe2653a60e65956a81eb15e5
sha1: fa4f610c06e4ce1f12f44cac1489bdc46fc75718
sha256: aaad56228e10b22cab830e19bbba368cb8f358dbb926a69f1aee53af54315b61