Summary | ZeroBOX

1.pdf

Kimsuky Javascript ShellCode PDF
Category FILE
Machine s1_win7_x6401
Started Aug. 5, 2021, 1:11 p.m.
Completed Aug. 5, 2021, 1:12 p.m.
Size 693.6KB
Type PDF document, version 2.0
MD5 a0c7e9dc69e439cb431e6dea9f0d5930
SHA256 359ab5e0b57da0307ca9472e5b225dcd0f9dc9bf2efd2f15b1ca45b78791b6bc
CRC32 308D9976
ssdeep 12288:e9wwBpdbie7g84OTKuBqOX1BNVT5m+YH+JARGEwuxkIOcaj/5vDTWjaOyG2:Xkdz7y2DBJ1dYHoARzTkjcwvDTWOL
Yara
  • PDF_Javascript_ShellCode - PDF Javascript ShellCode
  • APT_Kimsuky_PDF_Shellcode_Aug_2021_1 - Detect Kimsuky shellcode used in fake PDF against South Korea
  • PDF_Format_Z - PDF Format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

FireEye Trojan.GenericKD.46736327
ALYac Trojan.PDF.208091A
ESET-NOD32 PDF/Exploit.Pidief.ABA
TrendMicro-HouseCall TROJ_FRS.VSNTH421
Kaspersky HEUR:Trojan-Dropper.PDF.Agent.gen
BitDefender Trojan.GenericKD.46736327
MicroWorld-eScan Trojan.GenericKD.46736327
Ad-Aware Trojan.GenericKD.46736327
Comodo TrojWare.Win32.Agent.hikcs@0
TrendMicro TROJ_FRS.VSNTH421
McAfee-GW-Edition Artemis!Trojan
Emsisoft Trojan.GenericKD.46736327 (B)
Arcabit Trojan.Generic.D2C923C7
ViRobot Trojan.Win32.S.FakePDF.710268
GData Trojan.GenericKD.46736327
AhnLab-V3 Exploit/PDF.FakeDocu
McAfee Artemis!A0C7E9DC69E4
Fortinet JS/Agent.5F4E!tr
Qihoo-360 susp.pdf.jsexp.gen