Behavioral task: behavioral1
Sample: analyzing-malicious-document-files.pdf
Resource: win10-20220812-en

General
- Target: analyzing-malicious-document-files.pdf
- Size: 218KB
- MD5: 7155f3f607cf253b532c850dd3d2791e
- SHA1: 22534554a093bfa853847e7f5fa6f126c57a0610
- SHA256: bde3b102cd7ce540ee9838727f6aad628669f81c255d1a38bc72b0047eb33958
- SHA512: fa2bbf5050caa8ec829ee827784557ea8c547d02a4fb186f8f09a99d1ffddf6a20817fa3b2577e76f39d9af472c6335b64ad8b4c2f335655a2287d5967950cd9
- SSDEEP: 6144:hEnKu4k9bvu6nphAR3gUDe3XyynysdtMDg6/RtLzUCZxY7Cr6926vXrX:OKu467dphe7KvysgDg6p5zUi569dX

Malware Config

Signatures

Files
- analyzing-malicious-document-files.pdf.pdf
- https://www.sans.org/blog/srp-streams-in-ms-office-documents-reveal-earlier-versions-of-malicious-macros/
- https://videos.didierstevens.com/2014/08/14/zipdump-py/
- https://github.com/decalage2/oletools/wiki/olevba
- https://blog.didierstevens.com/programs/oledump-py/
- https://blog.didierstevens.com/2018/01/15/update-xmldump-py-version-0-0-2/
- https://github.com/decalage2/ViperMonkey
- https://github.com/outflanknl/EvilClippy
- https://github.com/nolze/msoffcrypto-tool
- https://github.com/bontchev/pcodedmp
- https://github.com/Big5-sec/pcode2code
- https://www.decalage.info/python/rtfobj
- https://blog.didierstevens.com/2016/08/02/rtfdump-update-and-videos/
- https://github.com/DissectMalware/XLMMacroDeobfuscator
- https://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
- https://blog.didierstevens.com/programs/pdf-tools/
- http://qpdf.sourceforge.net/
- https://blog.didierstevens.com/2014/09/29/update-xorsearch-with-shellcode-detector/
- http://sandsprite.com/blogs/index.php?uid=7&pid=152
- https://github.com/edygert/runsc
- https://blog.didierstevens.com/2017/07/02/update-base64dump-py-version-0-0-7/
- https://videos.didierstevens.com/2016/10/11/maldoc-numbers-to-string-py/
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
- https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cscript
- https://github.com/CapacitorSet/box-js
- https://gist.githubusercontent.com/mattifestation/e179218d88b5f100b0edecdec453d9be/raw/2329bda456b5b8e2f973cc5dc026b6fc221dad79/AMSIScriptContentRetrieval.ps1
- https://zeltser.com/automated-malware-analysis/
- https://remnux.org/
- http://zipdump.py
- http://oledump.py
- http://xmldump.py
- http://rtfobj.py
- http://rtfdump.py
- http://pdfid.py
- http://pdf-parser.py
- http://base64dump.py
- http://numbers-to-string.py
- http://AMSIScriptContentRetrieval.ps
- http://zeltser.com/cheat-sheets.