PDF-BUILDER[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PDF-BUILDER.zip
Size

1.6MB
MD5

508b7beeb6f9df80924e4f5fa2ba4274
SHA1

9473898b838c55203f8e299fe139f59866c47cda
SHA256

76e101834aaad0eee5db92a1fde05f52c9512c6bb4ecbe85785d8661373a03e0
SHA512

94d3b3ce2bfe6b304fb54c740ce00fc4d45c796e18d41b5f4631f1e0c278f9c8c378e7f5d21e2f7dcd2f7940ac56f8201a9044d388314c2fe5702bd34b5fc30e
SSDEEP

24576:lsb+BVFOf15re7hVbyNlvkf0EU5cg2LkYDp+tkXetRbJgGpMbGP8PADl/OkG6rS6:ldBVMfbre7qaf0EUgkYDpFettOUB5SFE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PDF-BUILDER.exe

Files

PDF-BUILDER.zip
.zip
PDF-BUILDER.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\X\Desktop\Codes\NativePrograms\PDF_exploit\SilentPDF\obj\Debug\PDF-BUILDER.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ