f4f5108d6d9e62c08885019819a13b8b9d94c593e38b67d7697fb823efede2bb | Triage

Sharing

General

Target

f4f5108d6d9e62c08885019819a13b8b9d94c593e38b67d7697fb823efede2bb
Size

339KB
MD5

a817c815f733a9112cf85fd4443f3c0f
SHA1

c469cc3c5f030aef78e9e65d8c25d78d71411d42
SHA256

f4f5108d6d9e62c08885019819a13b8b9d94c593e38b67d7697fb823efede2bb
SHA512

83f9644a348852f665043a43a058255e9072e47a4978798c12b55f50ae8e6331ebb82409c0be72895cc1273b80726255cf9d491e1ff724a43f5724fa21e52a58

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
pdf link

Processes:

resource yara_rule

sample pdf_with_link_action
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

f4f5108d6d9e62c08885019819a13b8b9d94c593e38b67d7697fb823efede2bb
.pdf
- http://www.beginningtoseethelight.org/efsrecovery/
- http://www.dpapick.com
- http://www.dpapick.com/
- http://tools.ietf.org/html/rfc2898
- http://msdn.microsoft.com/en-us/library/aa375549%28VS.85%29.aspx
- http://msdn.microsoft.com/en-us/library/ms995355.aspx
- http://www.openwall.com/john
- http://www.nirsoft.net/
- http://whilethevalueof1denotestheProtectStoragesystem.sz
- http://thatisavailablefordownloadfromwww.dpapick.com
- http://www.beginningtoseethelight.org/8
- http://www.dpapick.com/,2010.16B.Kaliski.Pkcs#5:Password-basedcryptogra-physpeci
- http://tools.ietf.org/html/rfc2898,2000.87Microsoft.Algorithmidtable.http://msdn.microsoft.com/en-us/library/aa375549%28VS.85%29.aspx.58Microsoft.Windowsdataprotection.MSDNhttp://msdn.microsoft.com/en-us/library/ms995355.aspx,2001.1,39P.Oechslin.Makingafastercryptanalytictime-memorytrade-off.InProceedingsofCRYPTO2003,pages617
- http://www.openwall.com/john.8[11]NirSofer.Nirsoferpasswordrecoverytools.http://www.nirsoft.net/,2010.1[12]MattWeir,SudhirAggarwal,BillGlodek,andBrenodeMedeiros.Passwordcrackingusingprobabilisticcontext-freegrammars.InproceedingsofIEEESe-curityandPrivacy,2009.8ACREDHISTStructureTheCREDHISTstructurelookslikethis:structcredhistentrysfDWORDdwMagic1;//0x00000001DWORDidHashAlgo;DWORDdwRounds;//0x00000AF0DWORDdwCipherAlgo;//0x00006603BYTEbSID[12];DWORDdwComputerSID3;DWORDdwAccountID;BYTEbData[28];BYTEbPasswordID[16]g;Where
- Show all