pdf[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pdf.7z
Size

15.2MB
MD5

670d27869fdb1ea77cdd8794c3444d40
SHA1

8470dd8b4d8962abf511301570b68a1c8340ab38
SHA256

90c7e046b2f1f73d61938f14f85a71ad225d517dca264fbab9587f17c854340c
SHA512

6a6429ba9a4bdd06fd2e3fee06692ccc27878da43101391b86ed3d16b2e66a6f80f095a57f5d18fd00035c04b7e8fc350341cc51b5eac71b8dae579d536927fe
SSDEEP

196608:Q2leAT5PlPD8gWzoRtjFUMKBr9taFLMHrppk1uKQAKYDCpgQFyYO7mb97sySzuG/:btbU8jFUHh9saHruu1AKwKEsxRG4Scw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/pdf.exe

Files

pdf.7z
.7z

Password: infected
pdf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15.3MB - Virtual size: 15.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ