General

  • Target

    NUR.zip

  • Size

    890KB

  • MD5

    b1cf00bd0630f18d0c5e739c4f18c1f7

  • SHA1

    1870254c3d0ea9d8f1ffc46c8fbd023faff362d7

  • SHA256

    69c07c27447a79cb79b3be39c45383df2ef93eaa4a4e206016e376586c522a20

  • SHA512

    d97f236103c0151e5294e839ff38b5f95a0b17d6a032a435d6b1f737ae43d954fe80171986de1f83bfccd3c0b484c673835357af831b3b05ff09decbebf1ed2c

  • SSDEEP

    24576:tO6b9/t2xVpwFWszi//Qzp2oqINEPPmAGcthnXOQp:s6p/A7Z0soUoqhPPK4lXlp

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • NUR.zip
    .zip

    Password: 678

  • 2K.pdf.lnk
    .lnk
  • wH/Ma/O5t/5vTM/BXv/0ne/dK7W/Rp/RVp/ty/elqz/xqY/T57/Fv/DxJ.sct
  • wH/Ma/O5t/5vTM/BXv/0ne/dK7W/Rp/RVp/ty/elqz/xqY/T57/Fv/Wpl7uz.log
    .dll windows:6 windows x86

    Password: 678

    d7637d01603047c46356b8ae53adf518



  • wH/Ma/O5t/5vTM/BXv/0ne/dK7W/Rp/RVp/ty/elqz/xqY/T57/Fv/YqUGSlxUU.pdf
    .pdf

    Password: 678

    • http://www.benefits.ml.com

  • wH/Ma/O5t/5vTM/BXv/0ne/dK7W/Rp/RVp/ty/elqz/xqY/T57/Fv/ntprint.exe
    .exe windows:10 windows x64

    Password: 678

    598ca250c4ce0ed92cfa650d081ad874

