Last active
September 1, 2021 21:16
Analyzing Malicious Documents (PDF file)
Name: SCAN_0502_FA2C8.pdf
MD5: dfc20138456eb478673e046754536c76
SHA-1: bbc5dbdf9bbf844854dc52f47b03b88ebac5bc17
SHA-256: a6b7a89a073be96dcfaac63ef0093e3186171995df90c9c3f966083338e858e9
Vhash: 913a9ca88f467c85a8c6e005b9321caa5
SSDEEP: 384:fC3s7nDeeTykyBmtnbFOB444uBAzLzobLTbL4wu:fC3sO+AAxOBhfAzAbPb8wu
File type: PDF
Magic: PDF document, version 1.4
File size: 16.93 KB (17337 bytes)
https://www.virustotal.com/gui/file/a6b7a89a073be96dcfaac63ef0093e3186171995df90c9c3f966083338e858e9/details
Tools used:
- exiftool
- binwalk
- egrep
- wget
- olevba3
- colout
- cat
VT files:
https://www.virustotal.com/#/file/a6b7a89a073be96dcfaac63ef0093e3186171995df90c9c3f966083338e858e9/detection
https://www.virustotal.com/#/file/4d94eaace3a28423dcd407ed0db253ee97a8285ef0ebb8350daebb347182b631/detection
Malware-Traffic-Analysis.net related:
How can I download this file for checking it?
Use olevba3 to see more info about this VBS file:
win32k:~# olevba3 -a SCAN_0502_4CC4E.vbs