Resubmissions

20-01-2025 21:30

250120-1cqcdszphy 10

20-01-2025 21:24

250120-z82jvsznbv 10

General

  • Target

    ouchpdf.zip

  • Size

    367KB

  • MD5

    1a68c80abd10d72c1dbdf642a56525a1

  • SHA1

    b6b3760256c651bbe2af695209f7b105d3f04d59

  • SHA256

    ecb965ccea59652f730005d709c3f78b77345a0ad9c1f25ed372c156aafcfb2f

  • SHA512

    46d7f78edbeeeab8bcf5e05c21754528b8a466c8af905b4de5c9ba8bb1701685a001d1c586c1713ea92cbc7cc175f81a49f10cbe28ced2e75a77754ecd27349e

  • SSDEEP

    6144:WJeJwtqFElPB9xce7IQauH09b3hJIILeKPu+MBqUz4vdycc5xQB1Gt98uGVV:W4qqqPB9x6bII9cJ8v0cRBQ8uW

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://10.1.1.155:8080/2nvF

Signatures

  • Metasploit family
  • PDF contains JavaScript

    Detects presence of JavaScript in PDF files.

  • PDF contains one or more embedded files

    Detects presence of embedded files in PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ouchpdf.zip
    .zip

    Password: malware

  • ouch.pdf
    .pdf

    Password: malware

    • http://www.sans.org/cisen-USOUCH!

    • http://www.sans.org/renisacen

    • http://www.securingthehuman.org/resources/newsletters/ouch/2013#february2013en-USCommon

    • http://www.securingthehuman.org/resources/secen-USSANS

    • http://www.theatlanticwire.com/technology/2013/02/spear-phishing-security-advice/6

    • http://www.us-cert.gov/ncas/tips/st04-014en-USPhishing:

    • https://www.sans.org/tip_of_the_day.php

  • ouch.pdf
    .exe windows:4 windows x86 arch:x86

    Password: malware

    481f47bbb2c9c21e108d65f52b04c448

    Headers

    Imports

    Sections