Behavioral task: behavioral1
Sample: f4f5108d6d9e62c08885019819a13b8b9d94c593e38b67d7697fb823efede2bb.pdf
Resource: win7-20220311-en

Behavioral task: behavioral2
Sample: f4f5108d6d9e62c08885019819a13b8b9d94c593e38b67d7697fb823efede2bb.pdf
Resource: win10v2004-20220310-en
General
- Target: f4f5108d6d9e62c08885019819a13b8b9d94c593e38b67d7697fb823efede2bb
- Size: 339KB
- MD5: a817c815f733a9112cf85fd4443f3c0f
- SHA1: c469cc3c5f030aef78e9e65d8c25d78d71411d42
- SHA256: f4f5108d6d9e62c08885019819a13b8b9d94c593e38b67d7697fb823efede2bb
- SHA512: 83f9644a348852f665043a43a058255e9072e47a4978798c12b55f50ae8e6331ebb82409c0be72895cc1273b80726255cf9d491e1ff724a43f5724fa21e52a58
Malware Config
Signatures
Files
- f4f5108d6d9e62c08885019819a13b8b9d94c593e38b67d7697fb823efede2bb.pdf
- http://www.beginningtoseethelight.org/efsrecovery/
- http://www.dpapick.com
- http://www.dpapick.com/
- http://tools.ietf.org/html/rfc2898
- http://msdn.microsoft.com/en-us/library/aa375549%28VS.85%29.aspx
- http://msdn.microsoft.com/en-us/library/ms995355.aspx
- http://www.openwall.com/john
- http://www.nirsoft.net/
- http://whilethevalueof1denotestheProtectStoragesystem.sz
- http://thatisavailablefordownloadfromwww.dpapick.com
- http://www.beginningtoseethelight.org/8