Summary | ZeroBOX

1.pdf

Kimsuky PDF
Category FILE
Machine s1_win7_x6401
Started Aug. 5, 2021, 11:10 a.m.
Completed Aug. 5, 2021, 11:11 a.m.
Size 693.6KB
Type PDF document, version 2.0
MD5 a0c7e9dc69e439cb431e6dea9f0d5930
SHA256 359ab5e0b57da0307ca9472e5b225dcd0f9dc9bf2efd2f15b1ca45b78791b6bc
CRC32 308D9976
ssdeep 12288:e9wwBpdbie7g84OTKuBqOX1BNVT5m+YH+JARGEwuxkIOcaj/5vDTWjaOyG2:Xkdz7y2DBJ1dYHoARzTkjcwvDTWOL
Yara
  • APT_Kimsuky_PDF_Shellcode_Aug_2021_1 - Detect Kimsuky shellcode used in fake PDF against South Korea
  • PDF_Format_Z - PDF Format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

ALYac Trojan.PDF.208091A
Kaspersky UDS:Trojan-Dropper.PDF.Agent.a
ViRobot Trojan.Win32.S.FakePDF.710268
McAfee-GW-Edition Artemis
AhnLab-V3 Exploit/PDF.FakeDocu
McAfee Artemis!A0C7E9DC69E4
Qihoo-360 susp.pdf.jsexp.gen