@teixeira0xfffff
Last active September 1, 2021 21:16
Analyzing Malicious Documents (PDF file)
Name: SCAN_0502_FA2C8.pdf
MD5 dfc20138456eb478673e046754536c76
SHA-1 bbc5dbdf9bbf844854dc52f47b03b88ebac5bc17
SHA-256 a6b7a89a073be96dcfaac63ef0093e3186171995df90c9c3f966083338e858e9
Vhash 913a9ca88f467c85a8c6e005b9321caa5
SSDEEP 384:fC3s7nDeeTykyBmtnbFOB444uBAzLzobLTbL4wu:fC3sO+AAxOBhfAzAbPb8wu
File type PDF
Magic PDF document, version 1.4
File size 16.93 KB (17337 bytes)
https://www.virustotal.com/gui/file/a6b7a89a073be96dcfaac63ef0093e3186171995df90c9c3f966083338e858e9/details

teixeira0xfffff commented Jan 2, 2020

Use egrep to print related IOCs:

win32k:~# cat SCAN_0502_4CC4E.vbs | egrep 'd.exe|Create' -C2

@Usmaneeyy

How can I download this file for checking it?
