General

  • Target

    red_spider_v721732.zip

  • Size

    18.7MB

  • MD5

    abbe2c80e58b0a062e8e258888c525e6

  • SHA1

    4d15540b9f967292f5e9f672c491515041066719

  • SHA256

    dd2cbeda09bb4e9bdc32df15f5ed8cf090eb7c6aea30f67c471ec777b13d871d

  • SHA512

    af75a0e9abe1a88e2f1124200d6ba20c71af66f246afd9994a4b6a33beb3a61428d76914513319dbf9ee9e17927a0cbf6342aa0acfed581a41c2c3c4a02361fe

Score
8/10

Malware Config

Signatures

  • Suspicious Office macro (1 IoC)

    Office document equipped with 4.0 macros.

  • HTTP links in PDF interactive object (1 IoC)

    Detects HTTP links in interactive objects within PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • red_spider_v721732.zip
    .zip
  • 3000soft.ico
  • ???????????.doc
    .doc windows office2003
  • ????????????.doc
    .doc windows office2003
  • ???????????????(FormatPaper.exe)??????.pdf
    .pdf
    • http://www.examcoo.com/

  • ???????????????????????????????????.doc
    .doc windows office2003
  • Autorun.inf
  • Uninst.exe
    .exe windows x86
  • data1.cab
  • data1.hdr
  • data2.cab
  • layout.bin
  • setup.bmp
  • setup.exe
    .exe windows x86
  • setup.ibt
  • setup.ini
  • setup.inx
  • setup.isn
  • setup.iss
  • usetup.iss