Summary | ZeroBOX

제4기AMP 안내자료.pdf

Kimsuky Javascript ShellCode PDF
Category FILE
Machine s1_win7_x6401
Started Aug. 5, 2021, 12:29 p.m.
Completed Aug. 5, 2021, 12:29 p.m.
Size 203.2KB
Type PDF document, version 1.6
MD5 70294ac8b61bfb936334bcb6e6e8cc50
SHA256 512ad244c58064dfe102f27c9ec8814f3e3720593fe1e3ed48a8cb385d52ff84
CRC32 E33615E0
ssdeep 3072:xMLZB6xP2cQ8mUjIgBPsP5TUYdFTCrQlGvwJpKz9z7PDHUx2p:KLbGPQ8DZkPDFTCEl7s9z7PbB
Yara
  • PDF_Javascript_ShellCode - PDF Javascript ShellCode
  • APT_Kimsuky_PDF_Enc_Shellcode_Aug_2021_1 - Detect encoded Kimsuky shellcode used in fake PDF against South Korea
  • PDF_Format_Z - PDF Format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

McAfee Artemis!70294AC8B61B
Kaspersky HEUR:Trojan-Dropper.PDF.Agent.gen
Comodo TrojWare.Win32.Agent.vlynu@0
TrendMicro HEUR_PDFEXP.B
McAfee-GW-Edition Artemis!Trojan
Microsoft Trojan:Win32/Casdet!rfn
ViRobot Trojan.Win32.S.FakePDF.208091
ZoneAlarm HEUR:Trojan-Dropper.PDF.Agent.gen
AhnLab-V3 Exploit/PDF.FakeDocu
ALYac Trojan.PDF.208091A
Fortinet JS/Agent.FF84!tr