General

  • Target

    f91fd131be23c38ca791ef6c6794921931467af36c3ea868c36c587132ab6604

  • Size

    1.8MB

  • MD5

    c7d97ac60a8a612c07cc4ddd5f6fcead

  • SHA1

    667f46369a2c81c369fef8d6bd4e3a58d766247c

  • SHA256

    f91fd131be23c38ca791ef6c6794921931467af36c3ea868c36c587132ab6604

  • SHA512

    511985fb847816bedcf7c7009ac3d44adc9349d4c85fe020f8442f80c78485c2aba5b90d749ef311d16023eb0534bad00aacf2851bc322d96ac5d2157fb93e30

  • SSDEEP

    49152:JUB8J43awGG1yXXLlj+O8obBkKA0wiTVBsN/NhRrGG/SimpNd:pSd1UXBXtBkRMTVINhw+SiGf

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • f91fd131be23c38ca791ef6c6794921931467af36c3ea868c36c587132ab6604
    .pdf
    • https://twitter.com/kindredsec

    • https://docs.microsoft.com/en-us/dotnet/api/microsoft.csharp.csharpcodeprovider?view=netframework-4.8

    • https://docs.microsoft.com/en-us/dotnet/api/system.codedom.compiler.compilerparameters?view=netframework-4.8

    • https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc

    • https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createthread

    • https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-waitforsingleobject

    • https://docs.microsoft.com/en-us/dotnet/api/system.intptr.size?view=netframework-4.8

    • https://github.com/itsKindred/malware-analysis-writeups/blob/master/swrort-dropper/files/stage1.bat

    • https://github.com/itsKindred/malware-analysis-writeups/blob/master/swrort-dropper/files/stage2.ps1
