Malicious Archive / .ZIP — malware analysis report

Static analysis result for SHA-256 621cb87de41dcb4c…

MALICIOUS

Archive / .ZIP

26.93 MB
MD5: fd8937580c870c766ee908dc29c385ca
SHA-1: f3c004ad3e89bef8fb9054453edad8a49772ae58
SHA-256: 621cb87de41dcb4c67ce4fca395f6c600f0b3ca9cba85d7314b7426b1a9c9436
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The archive exceeded its entry limit, indicating a large number of contained files. One of these members was identified as malicious, suggesting it is the primary payload. Several URLs were extracted, with some exhibiting suspicious patterns commonly associated with malware distribution. The presence of a malicious member within the archive strongly suggests a spearphishing attachment delivery vector.

Heuristics 3

  • Archive contains malicious member [critical] ARCHIVE_CHILD_MALICIOUS
    At least one extracted archive member was classified as malicious. The archive is a transport wrapper for that payload.
  • Archive entry limit reached (50) [info] ARCHIVE_LIMIT
    Only the first 50 files were scanned.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.