MDE_File_Sample_425f8c7cb14512e55f54e1af26e722213def91a3[.]zip

General

Target

MDE_File_Sample_425f8c7cb14512e55f54e1af26e722213def91a3.zip
Size

189KB
MD5

5e965e47bbb6e2f2139f91f81f572fdb
SHA1

d0ed39468887437a92e0e4f54c70d1386f672a0a
SHA256

2a50dc5ae8214e5f7d5c110569f36bfd6159ded749e8e3c97509910ad275fd36
SHA512

75b1ad6518ac15f8a2a437c52a1bd32d7e73381f1c0f8b576ed63a391958891cf74fc55f257355d41badce58af814dca2f3d451483b63ffb0c28105247440276
SSDEEP

3072:7oJSm870Qn2laBcZsTNvqNH3eF8D6K46KyT/vyvWupzi/YoOUxxQK781l7HZ45J1:7aSm8oqyaCCTNlPK41yTHlYfxxZE3

Score

4^/10

pdf link

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

resource	yara_rule
static1/unpack001/425f8c7cb14512e55f54e1af26e722213def91a3	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

MDE_File_Sample_425f8c7cb14512e55f54e1af26e722213def91a3.zip
.zip

Password: infected
425f8c7cb14512e55f54e1af26e722213def91a3
.pdf
Password: infected
- http://itsactivationserv.pe.hu/activate/OWA.html