General

  • Target

    icedid_pdf_js_0505.zip

  • Size

    124KB

  • MD5

    520c542229f7784911869150478fc583

  • SHA1

    9fd13790d306c6bedca772bf94ce058b57150d06

  • SHA256

    39f5470d332d00b8743ffb22bf452c8de8411148298b226b627347917b6c76c4

  • SHA512

    d2818bf50a10338084ebdfcde1215eab9b69dbeb770d43b82f7cb5a50f34cdb0bcf60cdb24e206ffa3ba87d7a5c46b0bb579680ba77d175b468348ddc261d5c3

  • SSDEEP

    3072:0/ooEw+IEiyDmHUr30VOovWYyyeV5gmCwJFMk21PtuNL3mO+g8:ZM+IVy4hko0ye1tFM1PtSF98

Score
3/10

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • icedid_pdf_js_0505.zip
    .zip

    Password: infected

  • 682ad0de222b1f8763ef3022ec51aaffb1ab87260ec9ed7b7b8280b91c174d4e.pdf
    .pdf

    Password: infected

    • http://74.119.194.93/lndex.php

  • document.js
    .js
  • document2.js
    .js
  • fa6d6f234e5920c6206334ccf06a4349cfd8d3a774722e6257a30a4d1756f277.pdf
    .pdf

    Password: infected

    • http://74.119.194.92/lndex.php