PDF[.]rar | Triage

Sharing

General

Target

PDF.rar
Size

205KB
MD5

23adf2753e354c84c56d988ea151f6d7
SHA1

42aebbfde9f34ff4a2f9e1fe118f55f4bad6e5df
SHA256

0cc3d1184459ede431afbaf85d0c6ac12f065a9d2e25488e937fb9d8a54c2633
SHA512

4679f81f276a27e89d2d36982315dcb9f81283d75a1eb9881aab6a41949c11d8704b3ba99a8ce0c2f26a236e8e185f301d9de350489b046a1535977e2cc4c5cb
SSDEEP

6144:wN/zsd97p1rbPIfABaKOYxFsQdZGvIU7R:wpzs37DPIfABa6hgIU7R

Score

6^/10

pdf link javascript

Malware Config

Signatures

PDF contains JavaScript
Detects presence of JavaScript in PDF files.
pdf javascript
PDF contains one or more embedded files
Detects presence of embedded files in PDF files.
pdf
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/informe_payload.pdf

Files

PDF.rar
.rar
analisis.pdf
.pdf
- http://maldev.pcte.co
informe_payload.pdf
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 893B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ