General

  • Target

    f71213b8589cb32ab20cd32a746276f8.bin

  • Size

    62.7MB

  • MD5

    43d79c127b3ee1750b395bcb0b7420dc

  • SHA1

    93a44522be3b1015a190bba0203f7df5ce2173ab

  • SHA256

    e81a97f6711b16f4afc864f0d0ad9d83fb62bfd78c2c22e1f0bf0bb6dce8a45c

  • SHA512

    cbc59d0625b0b6d716cb64cd4172222a27649eaf22620b248646ce2f8b8c12fb9f51fb772b22883e1d63f2395dfe67183bb59152d93d1f44542cd777c6291db6

  • SSDEEP

    1572864:oOXW/hJ4YQgZ6GUEH5+LccMchXR61X1/HSIngvaazseqhkiG:oO2J4YQs6G5H5+LlLXRm/HSlffqhkB

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • f71213b8589cb32ab20cd32a746276f8.bin
    .zip

    Password: infected

  • 8fb0916a58f9b1d17d00504e4ff24d8a8ce8915d1c9dcb58a6b2d818fdb3967e.zip
    .zip

    Password: infected

  • Prof-Loss stmt & W2.exe
    .exe windows:5 windows x86 arch:x86

    Password: infected

    e456fbce099e309bfeaff191fcf3b1ee


  • W2_PDF.i
    .pdf

    Password: infected

  • msimg32.dll
    .dll windows:6 windows x86 arch:x86

    Password: infected

    da0694d194e99023b7097ec531813134

