CFDI042024983859304406494[.]pdf[.]vhd

Sharing

Copy URL Twitter E-mail

General

Target

CFDI042024983859304406494.pdf.vhd
Size

6.0MB
MD5

bd08fc4970c678888a8b0632081005b4
SHA1

99fdf82ce46280a21080ca1e902599e628f89215
SHA256

426fdf1809090a5cc355d8b0e5dbb766812c16be1302616e4b8c620d82bc51fe
SHA512

b4ea3a4b7e4ff467ce7e0c65976ce8ed4b7284a3d0818e66d03c52720dfe83424910390219c4e69142219fa7707b28c43dcca3832989f109182427341261e212
SSDEEP

12288:MmTHNXNZDbiArSsDTRkWazhJrFAseE04JAjsIPR+dwPCQLTX4yF9FbmSYh9IIDy:Mm7N9/rSGpaVOEl6sIPCcL7Fy3

Score

4^/10

pdf link qr

Malware Config

Signatures

PDF has QR code that contains a HTTP URL
PDFs with URL QR codes are often used for phishing
pdf qr
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/CFDI042024983859304406494/CFDI042024983859304406494.dll

Files

CFDI042024983859304406494.pdf.vhd
.vhd
out.vhd
.vhd
CFDI042024983859304406494.pdf.lnk
.lnk
CFDI042024983859304406494/CFDI042024983859304406494.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

Y9C x]3W
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CFDI042024983859304406494/CFDI042024983859304406494.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:12B4-2D5F-87D4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb
Signer

Actual PE Digest

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb

Digest Algorithm

sha256

PE Digest Matches

true

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce
Signer

Actual PE Digest

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CFDI042024983859304406494/CFDI042024983859304406494.exe.config
.xml
CFDI042024983859304406494/CFDI042024983859304406494.pdf
.pdf
- http://rosys.com.mx
- https://verificacfdi.facturaelectronica.sat.gob.mx/default.aspx?&id=C5250FFD-169A-024B-8587-8B18E1729A64&re=FCL930427AN8&rr=MCE7409273T3&tt=12258.880000&fe=cVNn0A==
System Volume Information/IndexerVolumeGuid
System Volume Information/WPSettings.dat

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

Y9C x]3W Size: 477KB - Virtual size: 477KB

.text Size: 86KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 918B

Size: 512B - Virtual size: 144B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bcCertificate

Extended Key Usages

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bbSigner

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 223KB - Virtual size: 222KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 12B

Y9C x]3W
Size: 477KB - Virtual size: 477KB

.text
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 918B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bc
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb
Signer

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce
Signer

.text
Size: 223KB - Virtual size: 222KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 12B