Extracted

• • Target

    827615424_PDF_parsed.exe

  • Size

    1.5MB

  • MD5

    cd33f6e84ebfe15dab41be1319122907

  • SHA1

    bff44bfcd5d534a2ce2ea8cab944391e7f55abc1

  • SHA256

    db222538ebb97c259d49917f7fdb5f7b38470fe96c38f190d0a2d79bcab1fb7a

  • SHA512

    6e664b00d9b7afb44e5559b7b152a742979c2a132857aa7eb94edb0ff22c75ad193c7eb5bb7dfb8071a79d480985c9b2b16550504632d9086814c10d02168a6b

  • SSDEEP

    49152:Vnm4UcmDYIbFaTI39LMK44bFh1DgtJaJk4UUUUUJUUUUUU:x6blbku9Le4bFhuO1UUUUUJUUUUUU

  Score

  10^/10

  bitrattrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2