6cf19d7eee4ff4da8a79fb8dab15f99e[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

6cf19d7eee4ff4da8a79fb8dab15f99e.bin
Size

374KB
MD5

6cf19d7eee4ff4da8a79fb8dab15f99e
SHA1

3eb3ab9d77c3d7f090a53901f39763c5982e5873
SHA256

13359f410a45b46e21b37640edb1fabe71d44f503425b019406cd4d8e1d15d5d
SHA512

3a2cf7a10d85cf0c89ed2c721c7c7da2c88934ab35bf03e6848b9fc1d2177211e0bd42bc68a0d819999e974e4c22caac95ae51017deba24dd777573a64ef1ba6
SSDEEP

6144:pujyZxTqLQsg6aR54kuBceXEr74grSV17hRQSlneWt2NFnBIyPj:Qe7T96dZXw4g45/QSlefNFnqyr

Score

6^/10

pdf link javascript

Malware Config

Signatures

PDF contains JavaScript
Detects presence of JavaScript in PDF files.
pdf javascript
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/c897c784626cb3d7748dc94bf3401205aa785efcef10a1e5534def1ab68a2f6f.dll
unpack001/f28ca289207dfe7c79f3eca130f2a340bbc260c9818b5f5d7b94a3304a9fd4b1.exe

Files

6cf19d7eee4ff4da8a79fb8dab15f99e.bin
.zip

Password: infected
1ad4e8a66682dfe74980ee99186517e25a81bd2bf00aafbbafbadc3a63cdd4bf.ps1
.ps1
40dd947539ce0ad32b96f9328c11fced3b4ba423103fb2fbd8cd0497f6be61bd.unknown
8f8264c173e6d036e87b706dbb87e3036ae17df32e53a683c87bff94fce2c242.pdf
.pdf
Password: infected
- https://bit.ly/newbookingupdates
a5c406f287b82099796d52cf8edbeec9b6188b3b23b12bf5e2b2b3556c94ec65.exe
b7b62436f18ee4fa5b210d099271976d9a7b02dcce605703358a8c68372de063.elf
.elf linux arm
c897c784626cb3d7748dc94bf3401205aa785efcef10a1e5534def1ab68a2f6f.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f1b2760487007b7db9e7545ee85deafba0e18859d7e43988f2c623cab2793439.exe
f28ca289207dfe7c79f3eca130f2a340bbc260c9818b5f5d7b94a3304a9fd4b1.exe
.exe windows:4 windows x86 arch:x86

Password: infected

5fb55a8cf9e366e92e6438ce6e27e358

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaResume
__vbaCopyBytes
__vbaStrCat
__vbaError
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
ord558
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
ord593
__vbaVarForInit
__vbaExitProc
__vbaForEachCollObj
ord594
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
__vbaBoolVar
__vbaStrFixstr
ord520
__vbaFpR8
_CIsin
ord709
__vbaErase
ord631
ord525
ord632
__vbaNextEachCollObj
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord563
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
ord601
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord712
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
ord531
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaI2Var
__vbaLsetFixstrFree
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaVar2Vec
__vbaVarLateMemCallLdRf
ord570
__vbaNew2
ord648
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaVarCopy
ord617
__vbaVarSetObjAddref
__vbaLateMemCallLd
__vbaR8IntI2
__vbaRecDestructAnsi
_CIatan
ord618
__vbaAryCopy
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj
__vbaRecAssign
ord581

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 680B

.reloc Size: 512B - Virtual size: 12B

Password: infected

5fb55a8cf9e366e92e6438ce6e27e358

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 64KB - Virtual size: 62KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 680B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 64KB - Virtual size: 62KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 28KB - Virtual size: 25KB