Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 11:09
How IT infrastructure ...
09.20 11:09
This Week in Security:...
09.20 11:09
Europol Shuts Down Maj...
09.20 11:09
Microsoft Edge securit...
09.20 10:09
Could Artificial Intel...
09.20 10:09
Sintesi riepilogativa ...
09.20 10:09
MicroStrategy Raises $...
09.20 10:09
How integrated pentest...
09.20 10:09
Indian SMEs Targets Of...
09.20 10:09
-=TWELVE=- is back

Summary | ZeroBOX

1609fbf0d6c26e---38596704027.pdf

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 8, 2021, 2:43 p.m.	July 8, 2021, 2:46 p.m.

Size	76.9KB
Type	PDF document, version 1.4
MD5	`c4d757196a348dbc813b65774a370dc3`
SHA256	`dd81b5e9d99588633b73117e3b1f84f1a6952f9d573057d804047a85abfb8328`
CRC32	`000DC085`
ssdeep	`1536:4IhgBQgoSXCvW8qYCinLlpJys6zg3H9TNSo+lipx5bo4W0AMysS/:jSsWAFLhDZNTgo+li35tyb`
Yara	PDF_Suspicious_Link_Z - PDF Suspicious Link PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\1609fbf0d6c26e---38596704027.pdf
2672

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 8, 2021, 2:43 p.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70f23000 process_handle: 0xffffffff	1	0	0

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

DrWeb	PDF.Phisher.197
Sangfor	Phishing.Generic-PDF.Save.209d4707
Cyren	PDF/Gerphish.J.gen!Camelot
McAfee-GW-Edition	BehavesLike.PDF.Suspicious.lb
Ikarus	Trojan.PDF.Phishing
Avira	HTML/Malicious.PDF.Gen2
GData	PDF.Trojan-Stealer.Phishing.E
Cynet	Malicious (score: 99)
McAfee	PDF/Phish-FAB!C4D757196A34
Rising	Trojan.Phishing/PDF!1.D4DE (CLASSIC)
SentinelOne	Static AI - Suspicious PDF
Fortinet	PDF/Phish.8A00!tr
Qihoo-360	susp.ex_pdf.phisher.c