CFDI042024983859304465214[.]pdf[.]vhd

Sharing

Copy URL

Twitter E-mail

General

Target

CFDI042024983859304465214.pdf.vhd
Size

6.0MB
MD5

7e6a2f3c0204a15f74c766ce8295b4b6
SHA1

ed301f424b22e7a46c4bd5610b0931d7e9190878
SHA256

8522815960367a855d86a7a220ffb86d4cdc68d70a8bd30643c924bde6231557
SHA512

a7893d5c3e9c9543927268dad4187bf6928036e569dc74f568e6d3430b10b88b16d96e0d6a89a051fc1abfbc6b817b6af917fd3af701b279a7599a71bd1892ac
SSDEEP

24576:Gm7N9/rSxFguQKXKDZxPGCfGJNu1xZB/7:NxlqgTtZxPlIur/

Score

4^/10

pdf link qr

Malware Config

Signatures

PDF has QR code that contains a HTTP URL
PDFs with URL QR codes are often used for phishing
pdf qr
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/CFDI042024983859304465214/CFDI042024983859304465214.dll

Files

CFDI042024983859304465214.pdf.vhd
.vhd
out.vhd
.vhd
CFDI042024983859304465214.pdf.lnk
.lnk
CFDI042024983859304465214/CFDI042024983859304465214.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

6nN|<
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CFDI042024983859304465214/CFDI042024983859304465214.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:12B4-2D5F-87D4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:11

Not After

26-07-2019 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:08

Not After

26-07-2019 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb
Signer

Actual PE Digest

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb

Digest Algorithm

sha256

PE Digest Matches

true

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce
Signer

Actual PE Digest

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CFDI042024983859304465214/CFDI042024983859304465214.exe.config
.xml
CFDI042024983859304465214/CFDI042024983859304465214.pdf
.pdf
- http://rosys.com.mx
- https://verificacfdi.facturaelectronica.sat.gob.mx/default.aspx?&id=C5250FFD-169A-024B-8587-8B18E1729A64&re=FCL930427AN8&rr=MCE7409273T3&tt=12258.880000&fe=cVNn0A==
System Volume Information/IndexerVolumeGuid
System Volume Information/WPSettings.dat

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

6nN|< Size: 477KB - Virtual size: 477KB

.text Size: 86KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 918B

Size: 512B - Virtual size: 144B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bcCertificate

Extended Key Usages

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bbSigner

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 223KB - Virtual size: 222KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 12B

6nN|<
Size: 477KB - Virtual size: 477KB

.text
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 918B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bc
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb
Signer

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce
Signer

.text
Size: 223KB - Virtual size: 222KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 12B