General
Target: Payment Advice - Advice RefGLVA05109502 .PDF.exe
Size: 308KB
Sample: 201009-y37qvfch3s
MD5: f3157002f5636d7d4170d458ac9e15cf
SHA1: b07b04c23c922d7bcca37e4e9d141c4ab92b99e9
SHA256: 757112683c4f6e6d8e0091606b7587acdb71946003b2a803052d3fb1d1686336
SHA512: f920d0586690e7cdd57d3a54b0147f7fb2b6abeb49b9a1cf41dfcba0e89f1e29fe5ad3b2babd5d9eac02702bd1247615b15ebc14335157936a70f1be3757fdd4
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice - Advice RefGLVA05109502 .PDF.exe
Resource: win7v200722
Malware Config
Targets
Target: Payment Advice - Advice RefGLVA05109502 .PDF.exe (308KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger