Overview

overview

7

Static

static

4

ForwardMai...le.exe

windows10-2004-x64

7

ForwardMai...le.pdb

windows10-2004-x64

3

ForwardMai...it.pdb

windows10-2004-x64

3

ForwardMai...it.pdb

windows10-2004-x64

3

ReleasePlu...DF.htm

windows10-2004-x64

1

ReleasePlu...lp.odt

windows10-2004-x64

1

ReleasePlu...ew.exe

windows10-2004-x64

5

ReleasePlu...ew.pdb

windows10-2004-x64

3

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ox.cmd

windows10-2004-x64

1

ReleasePlu...ig.txt

windows10-2004-x64

1

mboxview.exe

windows10-2004-x64

3

mboxview64.exe

windows10-2004-x64

3

scripts/HT...ry.cmd

windows10-2004-x64

1

scripts/HT...me.cmd

windows10-2004-x64

1

scripts/HT...df.cmd

windows10-2004-x64

1

scripts/HT...ry.cmd

windows10-2004-x64

1

scripts/HT...me.cmd

windows10-2004-x64

1

scripts/HT...df.cmd

windows10-2004-x64

1

scripts/HT...ry.cmd

windows10-2004-x64

1

scripts/HT...me.cmd

windows10-2004-x64

1

scripts/HT...df.cmd

windows10-2004-x64

5

scripts/PD...ox.cmd

windows10-2004-x64

1

scripts/pd...ig.txt

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mbox-viewer.exe-v1.0.3.34.zip

  • Size

    42.7MB

  • MD5

    efab7634e2f9235b7da249a1913c656e

  • SHA1

    ebab3c25c8bcc8acec975696c6b4e8aaeb8182b6

  • SHA256

    579da36c31cc4e5d556f6298ee204184a357a3bdeeb8b94586ae217900408c72

  • SHA512

    6d9332722a1b8d58bbb3b786245d3e976c4caf34f3ee7044c045fac45989fa90a7e444e818fec2711b897600b5a71d8974707a71e3686c58b60a0e783d04d5bd

  • SSDEEP

    786432:Sp54SPNAvdKrBnFeiIYaf0r4Mk6NfRcFrPIE9q5t/3fePsb/DP3lyhBWIDfNk5u4:sbIdKr9YyamRGFkE9qP3fSsbrlIWI5D4

Score
4/10
pdflink

Malware Config

Signatures

  • HTTP links in PDF interactive object 2 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink

Files

  • mbox-viewer.exe-v1.0.3.34.zip
    .zip
  • ForwardMails.pdf
    .pdf

    • https://my.help.yahoo.com/kb/account/generate-third-party-passwords-sln15241.html

    • https://support.microsoft.com/en-us/account-billing/using-app-passwords-with-apps-that-don-t-support-two-step-verification-5896ed9b-4263-e681-128a-a6f2979a7944

    • https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2

    • https://support.microsoft.com/en-us/account-billing/how-to-create-a-new-microsoft-account-a84675c3-3e9e-17cf-2911-3d56b15c0aaf

    • https://account.microsoft.com/account

    • https://community.windows.com/en-us/stories/everything-you-need-to-know-about-microsoft-accounts

    • https://www.systoolsgroup.com/gmail-backup/turn-off-two-step-verification.html

    • https://www.lifewire.com/get-a-password-to-access-gmail-by-pop-imap-2-1171882

    • https://myaccount.google.com/security

    • Show all
  • ForwardMails/ForwardEmlFile.exe
    .exe windows x86

    bf1462ce2cfa173883d7ac57d7af7b93


    Headers

    Imports

    Sections

  • ForwardMails/ForwardEmlFile.pdb
  • ForwardMails/MailKit.pdb
  • ForwardMails/MimeKit.pdb
  • HELP.txt
  • HelpFiles/PrintMultipleMailsToPDF.htm
    .html
  • HelpFiles/SearchHelp.odt
    .odt openoffice
  • HelpFiles/SearchHelp.pdf
    .pdf
  • LICENSE.txt
  • README.txt
  • ReadMe.markdown
  • ReleasePlusStackTrace/HELP.txt
  • ReleasePlusStackTrace/HelpFiles/PrintMultipleMailsToPDF.htm
    .html
  • ReleasePlusStackTrace/HelpFiles/SearchHelp.odt
    .odt openoffice
  • ReleasePlusStackTrace/HelpFiles/SearchHelp.pdf
    .pdf
  • ReleasePlusStackTrace/mboxview.exe
    .exe windows x86

    24a78c123d56695e0203f68fde13a08e


    Headers

    Imports

    Sections

  • ReleasePlusStackTrace/mboxview.pdb
  • ReleasePlusStackTrace/scripts/HTML2PDF-all-chrome-canary.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-all-chrome.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-all-wkhtmltopdf.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-group-chrome-canary.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-group-chrome.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-group-wkhtmltopdf.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-single-chrome-canary.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-single-chrome.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-single-wkhtmltopdf.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/PDFMerge-pdfbox.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/pdfbox-config.txt
  • UserGuide.pdf
    .pdf
  • mboxview.exe
    .exe windows x86

    c669d7cbaafd05fcff9c2267d8361e98


    Headers

    Imports

    Sections

  • mboxview64.exe
    .exe windows x64

    388ea2936498ba00ad4d7f7765024484


    Headers

    Imports

    Sections

  • scripts/HTML2PDF-all-chrome-canary.cmd
    .cmd .vbs
  • scripts/HTML2PDF-all-chrome.cmd
    .cmd .vbs
  • scripts/HTML2PDF-all-wkhtmltopdf.cmd
    .cmd .vbs
  • scripts/HTML2PDF-group-chrome-canary.cmd
    .cmd .vbs
  • scripts/HTML2PDF-group-chrome.cmd
    .cmd .vbs
  • scripts/HTML2PDF-group-wkhtmltopdf.cmd
    .cmd .vbs
  • scripts/HTML2PDF-single-chrome-canary.cmd
    .cmd .vbs
  • scripts/HTML2PDF-single-chrome.cmd
    .cmd .vbs
  • scripts/HTML2PDF-single-wkhtmltopdf.cmd
    .cmd .vbs
  • scripts/PDFMerge-pdfbox.cmd
    .cmd .vbs
  • scripts/pdfbox-config.txt