General

  • Target

    16461695585.zip

  • Size

    113.8MB

  • MD5

    5ec721b44ba7b7951f6ecabed84ae540

  • SHA1

    c58e74ac47166bd93be51883d5062d75504978cc

  • SHA256

    6a5b162209ae004d9f3406fe9a6efff71388bdb2b40b377b168c17cd7e967fef

  • SHA512

    266b49353be111267df56886132945d7df2f829a1b4d1ceeb17062d031094f4a2b6b0af177ec4bb66ee5c11941ba1d3ddd32072246b9dfb62afcf4925447747c

  • SSDEEP

    1572864:Ggil7aO8NDnY+eAyW7PQfIUME2vCICvGVwDJr4gNzCccH6GuPh1IAyb1D5kRGbZF:W8NDMAN7PQfIA2vC44Jr4Pa7p+bIu

Score
6/10

Malware Config

Signatures

  • Malformed or missing cross-reference table in PDF

    Malformed or missing cross-reference tables are often used to evade detection

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 16461695585.zip
    .zip

    Password: infected

  • 932ccf6f52f0901fcda4b060793cf519f3b8940a2abfb2dc06931397111cd64d
    .zip
  • 1099Misc.inf
    .pdf
  • TAX Organizer.exe
    .exe windows:6 windows x86 arch:x86

    5419c6d0b7a37c6f48c0d961a0d909db



  • g2m.dll
    .dll regsvr32 windows:6 windows x86 arch:x86

    0d4e155ed7c21a6b1640ba64f6bb0aaa

