a93351aaee3ad5b5e34ef555912315cc7beab40b4ac0d20977b2f8e7e09a92a8

Sharing

Copy URL

Twitter E-mail

General

Target

a93351aaee3ad5b5e34ef555912315cc7beab40b4ac0d20977b2f8e7e09a92a8
Size

9.6MB
MD5

73d6fd5f282acd34b59bce59153fbf93
SHA1

39ead17bbc7bc3f5e1fd43311e73fe808366928d
SHA256

a93351aaee3ad5b5e34ef555912315cc7beab40b4ac0d20977b2f8e7e09a92a8
SHA512

c8185c7a3efa51aa4a7869dc7348fc1b9283f6761dcdc6dbc6bef7a5acb465336f9cea2d39b95fd0d526fb4435d8f3730ce4a81cd60d8939ed190ba052ce69ad
SSDEEP

196608:CrIYWV5l08p/2iFtpPfwCBk0FNhYfU8PwU0/7J3EagHs7LS+KTnlC9Jr:CvWVn//5F7PfwCB7FbQXwhlL/LSDTS9

Score

6^/10

pdf evasion

Malware Config

Signatures

Malformed or missing cross-reference table in PDF
Malformed or missing cross-reference tables are often used to evade detection
pdf evasion

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MobaXterm/MobaXterm_CHS.exe

Files

a93351aaee3ad5b5e34ef555912315cc7beab40b4ac0d20977b2f8e7e09a92a8
.zip
MobaXterm/CygUtils.plugin
MobaXterm/MobaXterm backup-DESKTOP-N5159OK.zip
.zip
MobaXterm.2020-08-03_17.21.ini
MobaXterm.2020-08-03_18.58.ini
MobaXterm.2020-08-04_10.54.ini
MobaXterm.2020-08-06_17.02.ini
MobaXterm.2020-08-07_17.41.ini
MobaXterm.2020-08-10_13.25.ini
MobaXterm.2020-08-10_18.29.ini
MobaXterm.2020-08-10_21.39.ini
MobaXterm.2020-08-11_18.28.ini
MobaXterm.2020-08-13_10.12.ini
MobaXterm.2020-08-17_23.05.ini
MobaXterm.2020-08-17_23.35.ini
MobaXterm.2020-08-18_10.19.ini
MobaXterm.2020-08-18_18.10.ini
MobaXterm.2020-08-20_18.01.ini
MobaXterm.2020-08-21_00.18.ini
MobaXterm/MobaXterm backup.zip
.zip
MobaXterm.2020-08-18_18.10.ini
MobaXterm.2020-08-20_18.01.ini
MobaXterm.2020-08-21_18.04.ini
MobaXterm.2020-08-27_10.10.ini
MobaXterm.2020-08-27_16.19.ini
MobaXterm.2020-08-28_15.17.ini
MobaXterm.2020-08-28_17.55.ini
MobaXterm.2020-09-01_15.13.ini
MobaXterm.2020-09-01_15.27.ini
MobaXterm.2020-09-01_18.03.ini
MobaXterm.2020-09-08_00.06.ini
MobaXterm.2020-09-09_13.51.ini
MobaXterm.2022-04-14_09.36.ini
MobaXterm.2022-04-14_09.54.ini
MobaXterm.2022-04-14_15.21.ini
MobaXterm.2022-04-18_18.03.ini
MobaXterm/MobaXterm-DESKTOP-N5159OK.ini
MobaXterm/MobaXterm.ini
MobaXterm/MobaXterm.log
MobaXterm/MobaXterm_CHS.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 162KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MobaXterm/Slot1Port0Hostnp1-0.1597095536361.pcap
MobaXterm/ips2.rules
.pdf
MobaXterm/key

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 5.9MB - Virtual size: 5.9MB

DATA Size: 536KB - Virtual size: 536KB

BSS Size: - Virtual size: 162KB

.idata Size: 19KB - Virtual size: 19KB

.tls Size: - Virtual size: 52B

.rdata Size: 512B - Virtual size: 512B

.reloc Size: - Virtual size: 341KB

.rsrc Size: 6.8MB - Virtual size: 6.8MB

CODE
Size: 5.9MB - Virtual size: 5.9MB

DATA
Size: 536KB - Virtual size: 536KB

BSS
Size: - Virtual size: 162KB

.idata
Size: 19KB - Virtual size: 19KB

.tls
Size: - Virtual size: 52B

.rdata
Size: 512B - Virtual size: 512B

.reloc
Size: - Virtual size: 341KB

.rsrc
Size: 6.8MB - Virtual size: 6.8MB