a9c890d9b742c602cfcc29cfd9b54c3cdec5e12945c09765321a1bc872d9df4f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9c890d9b742c602cfcc29cfd9b54c3cdec5e12945c09765321a1bc872d9df4f
Size

4.3MB
MD5

3d46f1547bbebf1581330584399cef66
SHA1

5a0c3f5567f73d1c64563f98b5906a34409f0f63
SHA256

a9c890d9b742c602cfcc29cfd9b54c3cdec5e12945c09765321a1bc872d9df4f
SHA512

81df0d18fb06a9946ea46fd7d2f63156c6fc713a4544b716e131b15082b9f9a92e1272e07cad84762eeda9923a7527298b004bdf26b6d42d82f770e2fb4a08bd
SSDEEP

98304:/up0ebuYUFTjBHs3fl8fSoDfFNuk+2q0aQ4nawhpfgTTnFox26J+:s4FfBHs3f+SQNukq9nff+TnuxPJ+

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

resource	yara_rule
static1/unpack001/LazyPressing v1.35/Read ME.pdf	pdf_with_link_action

Files

a9c890d9b742c602cfcc29cfd9b54c3cdec5e12945c09765321a1bc872d9df4f
.zip
LazyPressing v1.35/800x600.reg
LazyPressing v1.35/LazyPressing v1.35.exe
.exe windows x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xuowdika
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bewybprg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LazyPressing v1.35/Read ME.pdf
.pdf