6c46fe5c992989e43a781c7449354c7869bba06b4e15d66962b59f306117893a

General

Target

6c46fe5c992989e43a781c7449354c7869bba06b4e15d66962b59f306117893a
Size

716KB
MD5

218bbd007898e6b6fc754fe5c76668fc
SHA1

81ac434b84905b8746ea61ebb479135bbd3a3c4d
SHA256

6c46fe5c992989e43a781c7449354c7869bba06b4e15d66962b59f306117893a
SHA512

ec5b325a2d53067e62a358433364d0123506398e6e1972a72ca41bd26428cc49049b16067dd0066676f176bac97068a6aed521ded0fa408b74f1c40627a72105
SSDEEP

6144:bjjw/Azojb0yvwQyxaAK/rtHc7GVGkh9AAiGgqUffffOR0Rv0eJnQqNbRoTw:njKAzoXyQYFKlc+2I+v3yq1R

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
pdf link

Processes:

resource yara_rule

sample pdf_with_link_action

resource	yara_rule
sample	pdf_with_link_action

Files

6c46fe5c992989e43a781c7449354c7869bba06b4e15d66962b59f306117893a
.exe windows x86

7db73e92b50a026e5b82551198b2dbe8

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
GetCurrentDirectoryA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
SetFileAttributesA
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
VirtualQuery
GetProcAddress
GetModuleHandleA
GetTempPathA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

shell32

ShellExecuteA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7db73e92b50a026e5b82551198b2dbe8

Code Sign

Headers

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 388KB - Virtual size: 387KB

.rsrc Size: 288KB - Virtual size: 286KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 388KB - Virtual size: 387KB

.rsrc
Size: 288KB - Virtual size: 286KB