General
Target: Factura_pdf.zip
Size: 494KB
Sample: 200914-7m27db3f3a
MD5: c251cf770b0bf17285ed119dc86164dd
SHA1: fc787c1d3dade5b3eeefd30257041f836abb8eda
SHA256: 4aec2461eda1de35cd37c3d182e7d8d7ee6d4ad76c6f9ad3abd70c1fa61aed6f
SHA512: e99299ba08b62d7ecd5151fc623a8f86340b80df03b9b0bd7e621e99412b9a66ea6e85c7d65dd9321e00b45c5406b2e6b8d1cabbd12b3d50b231939dd842ba95
Static task: static1
Behavioral task: behavioral1
Sample: Factura_pdf.exe
Resource: win7
Malware Config
Targets
Target: Factura_pdf.exe
Size: 651KB
MD5: a9345ccbf5367e9cb23076e0268b6a05
SHA1: 16f36de10d18cc7960fdcb2e2a8e02bb30c8033a
SHA256: c2eea0526fcd8596d700eb7001185ac149b232319e8268bce21ccfe4fd1d7500
SHA512: 420b3e0542b531586a40ef404c5883957cfe23dc772aa8731ab4f4806754325cfd16670807c059ab0d3e89c1df957e337bc8c5407e32aa5107ca9d93139792f0
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext