Book_1[.]pdf | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Book_1.pdf
Size

7.4MB
MD5

a5783732d4374f11ac2da0fb7a9ea5f6
SHA1

54345ac363c42934c51d8e1d52bbc6b836121e0e
SHA256

3eaa9f4c98b168639e48c087b451a4b59fced9c33b98b1252a52798638b39038
SHA512

6c95382593baa6908eef14907679b369decd57c7b038fcbe2b8f4dc8adf5d4ffba0a1f2af2f1023f80b645cfefcc9bc4df3518030acbf790106e0b34ccf0fdf4
SSDEEP

196608:mXykovkbrd1D9mZxTfb8CU+THIjHujxLPLY1mdX:mXmo51BuxUCUljULYg

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

Book_1.pdf
.pdf
- http://gmail.com
- https://zeltser.com
- https://twitter.com/lennyzeltser.
- https://zeltser.com/blog.
- https://REMnux.org
- https://zeltser.com/what-is-malware.
- https://www.fotolia.com/id/13374457.
- https://www.sans.org/instructors/alissa-torres
- https://github.com/MAECProject/schemas/wiki/Malware-Capabilities.)-901(Dependencies:
- https://zeltser.com/malware-analysis-report.The
- https://digital-forensics.sans.org/blog/2014/12/01/how-to-track-your-malware-analysis-findings.12
- https://zeltser.com/automated-malware-analysis.
- https://www.virustotal.com/en/file/1e9f21f514ee4793cfae7baa21549be0d9b432c59513d2efed860c2b1501da39/analysis/VirusTotal
- https://www.hybrid-analysis.com/sample/1e9f21f514ee4793cfae7baa21549be0d9b432c59513d2efed860c2b1501da39.Hybrid
- http://cn.mnemonicarx.biz
- http://cm.mnemonicarx.biz
- https://otx.alienvault.com/indicator/hostname/cn.mnemonicarx.biz.
- https://otx.alienvault.com/indicator/file/dceb91a3aace0c732f5732584fe7eac2635546f10df2bd0ce0330a9d3730016d.The
- https://microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fBunitu.
- http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf.
- http://clonezilla.org
- https://www.fogproject.org
- https://isc.sans.edu/diary/4147.
- https://en.wikipedia.org/wiki/Preboot_Execution_Environment.
- http://www.faronics.com/products/deep-freeze
- http://horizondatasys.com
- https://technet.microsoft.com/en-us/library/cc962614.aspx.In
- http://brbbot.zip
- http://sourceforge.net/projects/pev.
- http://www.mcafee.com/us/downloads/free-tools/bintext.aspx.
- http://split-code.com/strings2.html.
- https://www.winitor.com
- http://pescanner.py
- https://github.com/guelfoweb/peframe,
- https://github.com/hiddenillusion/AnalyzePE/blob/master/pescanner.py.As
- http://ntinfo.biz
- http://www.exeinfo.xn.pl
- http://aluigi.altervista.org/mytoolz.htm
- http://pev.sf.net
- https://katjahahn.github.io/PortEx
- http://mas.py
- https://git.korelogic.com/mastiff.git
- http://www.sno.phy.queensu.ca/~phil/exiftool
- http://mark0.net/soft-trid-e.html
- https://github.com/viper-framework/viper
- http://processhacker.sourceforge.net
- https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx.
- https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx.
- http://www.procdot.com
- https://sourceforge.net/projects/regshot.Wireshark
- https://www.wireshark.org
- http://www.nirsoft.net/utils/tcp_log_view.html,
- https://technet.microsoft.com/en-us/library/cc960241.aspx
- http://brb.3dtuts.by
- https://code.activestate.com/recipes/491264-mini-fake-dns-server.When
- http://google.com
- http://win10.ipv6.microsoft.com
- http://officeclient.microsoft.com
- http://v10.vortex-win.data.microsoft.com
- https://www.hex-rays.com/products/ida
- http://x64dbg.com
- https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit
- http://rada.re
- https://binary.ninja
- https://www.hopperapp.com
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa365467
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa365467.aspx
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa379913.aspx
- http://www.rohitab.com/apimonitor
- http://encoded.rawtranslate.py
- https://www.linuxjournal.com/content/doing-reverse-hex-dump
- http://translate.py
- https://blog.didierstevens.com/programs/translate.
- http://talonstamed.com
- http://www.inetsim.org
- https://talonstamed.com/images/1m6r.exeinfo:
- https://talonstamed.com/images/1m6r.exe.One
- https://www.telerik.com/download/fiddler.
- https://techanarchy.net/2013/10/inetsim-and-ip-addresses.
- https://nmap.org/ncat
- http://getdown.zip
- http://www.nirsoft.net/utils/tcp_log_view.html.
- http://www.novirusthanks.org/products/pe-capture.ApateDNS
- https://www.fireeye.com/services/freeware/apatedns.html.FakeNet-NG
- https://github.com/fireeye/flare-fakenet-ng.
- http://zeltser.comzeltser.com/blogTwitter:
- http://sans.org
- http://RESOURCESdigital-forensics.sans.org
- Show all