03fe3b3d924dea9e125be37afac048ab8b064f49cfe13cf2d4c4e3e794ede850

Sharing

Copy URL Twitter E-mail

General

Target

03fe3b3d924dea9e125be37afac048ab8b064f49cfe13cf2d4c4e3e794ede850
Size

4.6MB
MD5

5e379b4fd167cf58ee82c3150db5c90e
SHA1

1a8cd49daa01f7a9c8257eb68f9f8999531aed49
SHA256

03fe3b3d924dea9e125be37afac048ab8b064f49cfe13cf2d4c4e3e794ede850
SHA512

044524c32f6ad5680e676fc72964486898e1294fcd0d0457d8a0084ac607f9cf4f856edfaf836b09a56a96c92bcdfaa829d2984022aef3c8ea5d676b4967f429
SSDEEP

98304:4lxmAGGUElDSQsiG2rNK9S3xNYDac0M2IFYV9R2qw0A1+JUp1ESN:4lxRDUElb5vK9yxNY0MVs9wT8yp1f

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EncryptSynaptics.com
unpack001/Synaptics 蠕虫病毒感染解决方案.exe
unpack001/未封装EncryptSynaptics.com

Files

03fe3b3d924dea9e125be37afac048ab8b064f49cfe13cf2d4c4e3e794ede850
.zip
EncryptSynaptics.com
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

M:\Users\cdj68\Source\Repos\EncryptSynaptics\EncryptSynaptics 此为最新版本有不扫描Exfat格式的Bug\obj\Release\EncryptSynaptics.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Synaptics 蠕虫病毒感染解决方案.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\cdj68\Source\Repos\EncryptSynaptics\obj\Release\EncryptSynaptics.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Synaptics 蠕虫病毒感染解决方案.pdf
.pdf
- https://www.52pojie.cn/#
偷梁换柱：谨防“Synaptics”蠕虫病毒.pdf
.pdf
未封装EncryptSynaptics.com
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

M:\Users\cdj68\Source\Repos\EncryptSynaptics\EncryptSynaptics 此为最新版本有不扫描Exfat格式的Bug\obj\Release\EncryptSynaptics.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 5.8MB - Virtual size: 5.8MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B