General

  • Target

    bc270596cb7606cebfcba61c214dd928

  • Size

    1.7MB

  • MD5

    bc270596cb7606cebfcba61c214dd928

  • SHA1

    bdbe479ce6e9e1b2124ae41635668e74d0b5e042

  • SHA256

    6ad09cbf78d08b470a4ecc419d722009c6911056212517ab0c866cb4e13ee44c

  • SHA512

    3af98802ae8d6fd12d80fc6eab5b118dccc3eeb14150a1f9ecb37879a57a3a4a627d2926bb5de4357e62b27fc595c6e689a0117051620b6e47bc900ac0be1bb2

  • SSDEEP

    49152:KMznDiAjmlQ3GiS/aKfkqh2YH7+zbjLsfYEt/a1g7L6pW:K0igGiS/f9CPara1hW

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • bc270596cb7606cebfcba61c214dd928
    .exe windows:4 windows x86 arch:x86

    29b61e5a552b3a9bc00953de1c93be41



  • dll.bat
  • dll.exe
    .exe windows:6 windows x64 arch:x64

    97127a290a53cac2cc926877788cd459



  • dll.exe.manifest
  • syslog-ng-book.pdf
    .pdf