General

  • Target

    280f7cdf2a7199d985cbccd496e231ec

  • Size

    11.1MB

  • MD5

    280f7cdf2a7199d985cbccd496e231ec

  • SHA1

    acef7976e12fbe61ace76168b626900311908b76

  • SHA256

    891b16ca9cfe2d67ef4d4817ecd7e0c0e775fc031b5d9e20b03a61298a33f0cb

  • SHA512

    67f1ff549e3f9a4e0f30a07b5ab84ed320709cf4f8ba33e82c1443ec99e0ccb232105aa073c8b0bfbd4dc79601debb1a1c48184ac4bdf335b07c79de0167f837

  • SSDEEP

    196608:+85Slb5dj8e+aAO+JKBmZo8rZw39je3AIX6/ewUikXuEn0IB+1uJYvUbZjxRBfj:+YSd5dP+aAOgtZw39j3R/ewgeEn0IBgm

Score
7/10

Malware Config

Signatures

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE 22 IoCs

    Checks for missing Authenticode signature.

Files

  • 280f7cdf2a7199d985cbccd496e231ec
    .zip

    Password: infected

  • malware-samples_password-is-infected/Darkshell/malware.exe.xex
    .exe windows:4 windows x86 arch:x86

    3bf27b83e0c98731800c31d3281c474f


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/Hydraq/malware.exe.xex
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • malware-samples_password-is-infected/IMworm/malware.exe.xex
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • malware-samples_password-is-infected/PoisonIvy/Poison Ivy 2.3.2.exe.xex
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • malware-samples_password-is-infected/PoisonIvy/pi_keylogger.exe.xex
    .exe windows:4 windows x86 arch:x86

    f9ade0aa18f660a34a4fa23392e21838


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/PoisonIvy/piagent.exe.xex
    .exe windows:4 windows x86 arch:x86

    f9ade0aa18f660a34a4fa23392e21838


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/agobot/malware.exe.xex
    .exe windows:4 windows x86 arch:x86

    0d0651e260e70ebae4f7a8f3ad0b3f2d


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/conficker/malware.exe.xex
    .dll windows:4 windows x86 arch:x86

    6d1b56cfacd6aff46cef401168a8029b


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/eldorado/malware.exe.xex
    .exe windows:5 windows x86 arch:x86

    7abdafe83f887bf3c1003ed016a22a39


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/keylogger/malware.exe.xex
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • malware-samples_password-is-infected/lastgift/malware.exe.xex
    .exe windows:4 windows x86 arch:x86

    2722c4be0952ccc449e665c2c8245a51


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/nitol/malware.exe.xex
    .exe windows:4 windows x86 arch:x86

    5c3e10a987b50ba73dedb1405b42954b


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/onlinegames/1/malware.exe.xex
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • malware-samples_password-is-infected/onlinegames/2/malware.exe.xex
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • malware-samples_password-is-infected/parite/malware.exe.xex
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • malware-samples_password-is-infected/unknown/sample01.exe.xex
    .exe windows:4 windows x86 arch:x86

    3bf27b83e0c98731800c31d3281c474f


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/unknown/sample02.exe.xex
    .dll windows:4 windows x86 arch:x86

    6d1b56cfacd6aff46cef401168a8029b


    Headers

    Imports

    Sections

  • malware-samples_password-is-infected/unknown/sample03.exe.xex
    .pdf
    • http://www.iana.org/assignments/service

    • http://www.microsoft.com/security/portal/Threat/Encyclopedia/Glossary.aspx

    • http://www.virusbtn.com/resources/glossary/backdoor.xml

    • http://en.wikipedia.org/wiki/Remote_administration_software

    • http://www.virusbtn.com/resources/glossary/index

    • http://hexstr2ascii.py

    • http://compare_wordlist.py

    • http://Answers1.artmeis.3232.org

    • http://ddos.arbornetworks.com/2011/01/darkshell
  • malware-samples_password-is-infected/unknown/sample04.exe.xex
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • malware-samples_password-is-infected/unknown/sample05.exe.xex
    .docx .xex office2007