General

  • Target

    PDF-EXPLOIT.zip

  • Size

    206KB

  • MD5

    b621859eed4b3e0cd52ea9c354760690

  • SHA1

    af729bcc3574ab61ccc52a26f48dd1c59a482470

  • SHA256

    1407e6555895344dc050f0c4bda95a93c3703f0e94a8a1b64fa55b17f08d6182

  • SHA512

    a657e860b5b38592841ea9a7aa56d2ca4f67249490f95543b50122b36bedec23ffaf3d7517c85c558ca15e0b5a5a3dafcb648f4a7e22aacc537f02c5e9eaa63c

  • SSDEEP

    3072:e4WZEMV+vrLR4YvQmGphyqsQFtV/nrgHc0l8BUarr36Zd+GyQVwyD/rvkQ5IfFNW:eZZENF7g95L/rgHv+qarr6HVwy+LWYer

Score
6/10

Malware Config

Signatures

  • PDF contains JavaScript

    Detects presence of JavaScript in PDF files.

  • PDF contains one or more embedded files

    Detects presence of embedded files in PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • PDF-EXPLOIT.zip
    .zip

    Password: qm

  • PDF.rar
    .rar

    Password: qm

  • analisis.pdf
    .pdf

    Password: qm

    • http://maldev.pcte.co

  • informe_payload.pdf
    .exe windows:4 windows x86 arch:x86

    Password: qm

