4d8859e531c37145d4f76bb5c6fac0e5

Sharing

Copy URL

Twitter E-mail

General

Target

4d8859e531c37145d4f76bb5c6fac0e5
Size

1.7MB
MD5

4d8859e531c37145d4f76bb5c6fac0e5
SHA1

8852152169ad03d726288906c846812b29415764
SHA256

e596bae812faba75832387009ee2dac1dbff5491d352951b0f1e66342dfe2b26
SHA512

75a22cf397f6e0e3289fbe07f7f8bf096ba204e146f17d41894285981abde4c51f17f184255c181e47228aa0f766ebbfd7db0f5202c6938a56ee5c5ed35d0469
SSDEEP

24576:kKlnsRB1ERiy/OJ6VZPSRbuUe9+t0zRJqNaonwzgfR+HkE2fNe14E2YDmU1PbxIW:k2nsIiuOgiRuH0t0zLNPycl+MZ7CuP7

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HDDScan_v31/HDDScan/HDDScan.exe

Files

4d8859e531c37145d4f76bb5c6fac0e5
.zip
HDDScan_v31/HDDScan/DEFECTSL.xslt
.xml
HDDScan_v31/HDDScan/DEFECTSP.xslt
.xml
HDDScan_v31/HDDScan/GREEN.ico
HDDScan_v31/HDDScan/HDD.jpg
.jpg
HDDScan_v31/HDDScan/HDDScan-eng.pdf
.pdf
- http://hddscan.ru/
- http://hddscan.com/
- http://www.alphaskins.com/asdwnld.php
- http://hddscan.ru
- http://hddscan.com
HDDScan_v31/HDDScan/HDDScan-rus.pdf
.pdf
- http://hddscan.ru/
- http://hddscan.com/
- http://www.alphaskins.com/asdwnld.php
- http://hddscan.ru
- http://hddscan.com
HDDScan_v31/HDDScan/HDDScan.exe
.exe windows:4 windows x86 arch:x86

96a92f50daa5d7e24f0dffbec7fbec89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

CreateStreamOnHGlobal

comctl32

UninitializeFlatSB

urlmon

CoInternetCreateZoneManager

wininet

InternetSetOptionA

shell32

Shell_NotifyIconA

comdlg32

GetSaveFileNameA

setupapi

SetupDiGetDeviceRegistryPropertyA

msimg32

GradientFill

Sections

.text
Size: 618KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HDDScan_v31/HDDScan/IDEID.xslt
.xml
HDDScan_v31/HDDScan/RED.ico
HDDScan_v31/HDDScan/SCSIID.xslt
.xml
HDDScan_v31/HDDScan/SMART.xslt
.xml
HDDScan_v31/HDDScan/SMART_SCSI.xslt
.xml
HDDScan_v31/HDDScan/TEST.xslt
.xml
HDDScan_v31/HDDScan/YELLOW.ico
HDDScan_v31/HDDScan/what's new - eng.txt
HDDScan_v31/HDDScan/what's new - rus.txt

Sharing

General

Malware Config

Signatures

Files

96a92f50daa5d7e24f0dffbec7fbec89

Headers

File Characteristics

Imports

kernel32

oleaut32

advapi32

user32

gdi32

version

ole32

comctl32

urlmon

wininet

shell32

comdlg32

setupapi

msimg32

Sections

.text Size: 618KB - Virtual size: 2.1MB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 618KB - Virtual size: 2.1MB

.rsrc
Size: 16KB - Virtual size: 16KB