General

  • Target

    evil.pdf

  • Size

    45KB

  • MD5

    c6ca50ccdaf2ef75643219163577757b

  • SHA1

    7c14123f39d5c137e3d4412c392c962c29fcb7f7

  • SHA256

    d59e9f301dc89d6e45cd695d8274bcaac4ed6b745369c3455c4343fdc61819b4

  • SHA512

    d1c5ec9fa2ffa4f89e9658e0cc9b733f23c9e03252353eac9d7d1ade720af889ee950e1162be9e55c0a19fd678abd095e39e5fb6fe65542f55afd0b9729e24e2

  • SSDEEP

    768:cd/lECC1jelyqCs2u3jx/Top3CAzf2sNGA3TV3k+zmQpEXtUROwr4XGtLIbuXwkT:c8xoLCBuTqhTzuI3TVnJwwr8buXlZ

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    146.19.191.45:4444

Signatures

  • Metasploit family
  • PDF contains JavaScript

    Detects presence of JavaScript in PDF files.

  • PDF contains one or more embedded files

    Detects presence of embedded files in PDF files.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • evil.pdf
    .pdf
  • template.pdf
    .exe windows:4 windows x86 arch:x86

    481f47bbb2c9c21e108d65f52b04c448

