General

  • Target: 3e10ef0f6593496075ffea9885da9212
  • Size: 373KB
  • MD5: 3e10ef0f6593496075ffea9885da9212
  • SHA1: da7183be6518f590914ff34ddc5d9474a00f7276
  • SHA256: 8eabbf6debc3a8d52b26edd5e04ece5187ffaa3a38c9317c843d140f98459cb4
  • SHA512: b00c56ce6bcf1b98babb587317ab2844216450b707fa5d98e7f09545e9e5c1f4a774f9bfe6a761f1f7f567538b4d92f88ea4d4bbacb70d1e7b1cb9b4201477a4
  • SSDEEP: 6144:y20KXlCCx6nVWd3bHoeGz70EqrfE51amBbCEOYgCpoyGXdr+zjkhxpZ2I6yFytAh:yU6VEbH6zojrf41aUbFRonXdrj1/Itbs

Score: 3/10

Signatures

  • One or more HTTP URLs in PDF identified: detects the presence of HTTP links in PDF files.
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • 3e10ef0f6593496075ffea9885da9212 (.rar)
  • F-130x1/Moaphie/Monalisa.zip (.zip)
  • Monalisa/Kaifa.vbw
  • Monalisa/MSNFake.frm
  • Monalisa/Main.frm (.vbs)
  • Monalisa/Main.frx
  • Monalisa/Monalisa.vbp
  • Monalisa/socket.bas
  • Monalisa/virLoad.bas
  • F-130x1/Moaphie/nippy.c
  • F-130x1/Moaphie/ron.c
  • F-130x1/Robin/APIHook.txt
  • F-130x1/Robin/EPO_in_C.txt
  • F-130x1/Robin/ProcessList.txt
  • F-130x1/Robin/RemoteAudoDelete.txt
  • F-130x1/Robin/ReverseBit.txt
  • F-130x1/Robin/RobinPETool.txt
  • F-130x1/Robin/SearchingFile.txt
  • F-130x1/lclee_vx/F13OligomorphicVirus.rar (.rar)
  • F13OligomorphicVirus/F13OligomorphicVirus.pdf (.pdf), HTTP URLs identified:
    • http://yahoo.com
    • http://f13.host.sk
    • http://helppc.zip
    • http://match....ok...next
    • http://securityresponse.symantec.com/avcenter/venc/data/w32.cleevix.html
  • F-130x1/lclee_vx/F13ScanApi.rar (.rar)
  • F13ScanApi/F13ScanApi.pdf (.pdf), HTTP URLs identified:
    • http://vxer.blogspot.com
    • http://f13.host.sk
    • http://match....ok...next
    • http://yahoo.com
  • F-130x1/lclee_vx/F13W32Virus.rar (.rar)
  • F13W32Virus/F13W32Virus.pdf (.pdf), HTTP URLs identified:
    • http://yahoo.com
    • http://f13.host.sk
    • http://helppc.zip
    • http://win32assembly.online.fr/pe-tut1.html
    • http://msdn.microsoft.com/msdnmag/issues/02/02/PE/default.aspx
    • http://jfmasmtuts.blowsearch.ws/Ch2/pefile.htm
    • http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.w32.1.html
  • F-130x1/lclee_vx/Lychan_lclee_vx.htm (.html)
  • F-130x1/lclee_vx/RetrieveKernelAddress_asm.htm (.html)
  • F-130x1/lclee_vx/ScanApiChecksum_asm.htm (.html)
  • F-130x1/lclee_vx/Win32_Ceel_a_asm.htm (.html)
  • F-130x1/lclee_vx/Win32_lychan_asm.txt
  • F-130x1/lclee_vx/lychan.asm
  • F-130x1/wargame/SkypeWormGenerator.zip (.zip)
  • SkypeWormGenerator.exe (.exe .vbs windows:4 windows x86 arch:x86 polyglot): bac4ceccda08417a1d9fbbcef38a7f6a
  • F-130x1/wargame/skwg_02.zip (.zip)