Overview

overview

5

Static

static

4

mbox-viewe...36.zip

windows7-x64

1

mbox-viewe...36.zip

windows10-2004-x64

1

HelpFiles/...DF.htm

windows7-x64

3

HelpFiles/...DF.htm

windows10-2004-x64

3

HelpFiles/...lp.odt

windows7-x64

4

HelpFiles/...lp.odt

windows10-2004-x64

1

HelpFiles/...lp.pdf

windows7-x64

3

HelpFiles/...lp.pdf

windows10-2004-x64

3

ReleasePlu...DF.htm

windows7-x64

3

ReleasePlu...DF.htm

windows10-2004-x64

3

ReleasePlu...lp.odt

windows7-x64

4

ReleasePlu...lp.odt

windows10-2004-x64

1

ReleasePlu...lp.pdf

windows7-x64

3

ReleasePlu...lp.pdf

windows10-2004-x64

3

ReleasePlu...ew.exe

windows7-x64

3

ReleasePlu...ew.exe

windows10-2004-x64

5

ReleasePlu...ry.cmd

windows7-x64

1

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows7-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows7-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ry.cmd

windows7-x64

1

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows7-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows7-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ry.cmd

windows7-x64

1

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows7-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    mbox-viewer.exe-v1.0.3.36.zip

  • Size

    42.9MB

  • MD5

    1a1c8f0f7c4a701c4dc2765922ddd655

  • SHA1

    2b81188647a89a9cbf9c9f2eee5c06ea9009d1f3

  • SHA256

    af7b3a37cf9f22eb418c70acad40d26297f47b22daa7b9c98d1313c205a0f070

  • SHA512

    f6e83e3bd1adfcdb520b1deb27bd3de24415d9c3a310515e1e8879dd8f0f832f8a2f44363d27799d21a3759dac7e384f689500bd52fe14959817022a34508171

  • SSDEEP

    786432:AN5VQKBa0BhwDv7IXjoQ4Od/LNhgFSiAsIJ61HLcaCKN+gR4gU4Mt8ywXLMhXQWg:ANYKo0Bhw3IX8Q4Od/LY/Aps1HoaLEG/

Score
4/10
pdflink

Malware Config

Signatures

  • HTTP links in PDF interactive object 2 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink
  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • mbox-viewer.exe-v1.0.3.36.zip
    .zip
  • ForwardMails.pdf
    .pdf

    • https://account.microsoft.com/account

    • https://community.windows.com/en-us/stories/everything-you-need-to-know-about-microsoft-accounts

    • https://my.help.yahoo.com/kb/account/generate-third-party-passwords-sln15241.html

    • https://myaccount.google.com/lesssecureapps?pli=1

    • https://myaccount.google.com/security

    • https://support.microsoft.com/en-us/account-billing/how-to-create-a-new-microsoft-account-a84675c3-3e9e-17cf-2911-3d56b15c0aaf

    • https://support.microsoft.com/en-us/account-billing/using-app-passwords-with-apps-that-don-t-support-two-step-verification-5896ed9b-4263-e681-128a-a6f2979a7944

    • https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2

    • https://www.lifewire.com/get-a-password-to-access-gmail-by-pop-imap-2-1171882

    • Show all
  • ForwardMails/ForwardEmlFile.exe
    .exe windows:6 windows x86 arch:x86

    bf1462ce2cfa173883d7ac57d7af7b93


    Headers

    Imports

    Sections

  • ForwardMails/ForwardEmlFile.pdb
  • ForwardMails/MailKit.pdb
  • ForwardMails/MimeKit.pdb
  • HELP.txt
  • HelpFiles/PrintMultipleMailsToPDF.htm
    .html
  • HelpFiles/SearchHelp.odt
    .odt openoffice
  • HelpFiles/SearchHelp.pdf
    .pdf
  • LICENSE.txt
  • README.txt
  • ReadMe.markdown
  • ReleasePlusStackTrace/HELP.txt
  • ReleasePlusStackTrace/HelpFiles/PrintMultipleMailsToPDF.htm
    .html
  • ReleasePlusStackTrace/HelpFiles/SearchHelp.odt
    .odt openoffice
  • ReleasePlusStackTrace/HelpFiles/SearchHelp.pdf
    .pdf
  • ReleasePlusStackTrace/mboxview.exe
    .exe windows:6 windows x86 arch:x86

    441a2cba18b57128e92d53ae4b6d47ae


    Headers

    Imports

    Sections

  • ReleasePlusStackTrace/mboxview.pdb
  • ReleasePlusStackTrace/scripts/HTML2PDF-all-chrome-canary.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-all-chrome.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-all-wkhtmltopdf.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-group-chrome-canary.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-group-chrome.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-group-wkhtmltopdf.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-single-chrome-canary.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-single-chrome.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/HTML2PDF-single-wkhtmltopdf.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/PDFMerge-pdfbox.cmd
    .cmd .vbs
  • ReleasePlusStackTrace/scripts/pdfbox-config.txt
  • UserGuide.pdf
    .pdf

    • https://account.microsoft.com/account

    • https://community.windows.com/en-us/stories/everything-you-need-to-know-about-microsoft-accounts

    • https://github.com/eneam/mboxviewer/releases

    • https://msdn.microsoft.com/en-us/library/windows/desktop/dd317756(v=vs.85).aspx

    • https://my.help.yahoo.com/kb/account/generate-third-party-passwords-sln15241.html

    • https://myaccount.google.com/lesssecureapps?pli=1

    • https://myaccount.google.com/security

    • https://pdfbox.apache.org/

    • https://pdfbox.apache.org/2.0/commandline.html

    • Show all
  • mboxview.exe
    .exe windows:6 windows x86 arch:x86

    349c9dad16b3fa9197a33afdd76bf148


    Headers

    Imports

    Sections

  • mboxview64.exe
    .exe windows:6 windows x64 arch:x64

    c5b564dd9a8723188721abc3de2efa64


    Headers

    Imports

    Sections

  • scripts/HTML2PDF-all-chrome-canary.cmd
    .cmd .vbs
  • scripts/HTML2PDF-all-chrome.cmd
    .cmd .vbs
  • scripts/HTML2PDF-all-wkhtmltopdf.cmd
    .cmd .vbs
  • scripts/HTML2PDF-group-chrome-canary.cmd
    .cmd .vbs
  • scripts/HTML2PDF-group-chrome.cmd
    .cmd .vbs
  • scripts/HTML2PDF-group-wkhtmltopdf.cmd
    .cmd .vbs
  • scripts/HTML2PDF-single-chrome-canary.cmd
    .cmd .vbs
  • scripts/HTML2PDF-single-chrome.cmd
    .cmd .vbs
  • scripts/HTML2PDF-single-wkhtmltopdf.cmd
    .cmd .vbs
  • scripts/PDFMerge-pdfbox.cmd
    .cmd .vbs
  • scripts/pdfbox-config.txt