Behavioral task: behavioral1
Sample: Book_1.pdf
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Book_1.pdf
Resource: win10v2004-20220812-en
General
Target: Book_1.pdf
Size: 7.4MB
MD5: a5783732d4374f11ac2da0fb7a9ea5f6
SHA1: 54345ac363c42934c51d8e1d52bbc6b836121e0e
SHA256: 3eaa9f4c98b168639e48c087b451a4b59fced9c33b98b1252a52798638b39038
SHA512: 6c95382593baa6908eef14907679b369decd57c7b038fcbe2b8f4dc8adf5d4ffba0a1f2af2f1023f80b645cfefcc9bc4df3518030acbf790106e0b34ccf0fdf4
SSDEEP: 196608:mXykovkbrd1D9mZxTfb8CU+THIjHujxLPLY1mdX:mXmo51BuxUCUljULYg
Malware Config
Signatures
Files
- Book_1.pdf.pdf