General

  • Target

    Leonardo_Al.zip

  • Size

    113.7MB

  • MD5

    bd7907bdada13292c0e01e5d5b7f523a

  • SHA1

    d9196a3dfb8d2b08dd977f03fb70776a481ed492

  • SHA256

    633d5f336758fb117aa71edf1871c393c9fe3313abe61bec31974638ed9d7ce8

  • SHA512

    d62d822ab3591e6cdc6db06b1d215b7856fab08d28ffa62df5147ec1f3117c633505998243258815e7d47c0b5b8c8c6e556c9bd023f51a7608e0ed6ae9dac5e3

  • SSDEEP

    3145728:uM/VFo4s+NLcAt6M7/BeP6W4iEwkD671YX3yWUTB:zmtoLcAt6+4PLEwkG7hWa

Score
6/10

Malware Config

Signatures

  • Malformed or missing cross-reference table in PDF

    Malformed or missing cross-reference tables are often used to evade detection.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Leonardo_Al.zip
    .zip

    Password: leonardo

  • Leonardo_Al/LeonardoAl_Setup.exe
    .exe windows:6 windows x86 arch:x86

    Password: leonardo

    5419c6d0b7a37c6f48c0d961a0d909db



  • Leonardo_Al/Update_Leo.inf
    .pdf
  • Leonardo_Al/g2m.dll
    .dll regsvr32 windows:6 windows x86 arch:x86

    Password: leonardo

    0d4e155ed7c21a6b1640ba64f6bb0aaa

