Verdict: MALICIOUS (Risk Score: 64)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
The sample is a ZIP archive that was found to contain a malicious member, identified by its SHA256 hash. This indicates the archive was likely used as a delivery mechanism for a malicious executable. The presence of unknown URLs suggests potential command and control or payload download infrastructure.
Heuristics (3)
- Archive contains malicious member [critical, ARCHIVE_CHILD_MALICIOUS]: At least one extracted archive member was classified as malicious. The archive is a transport wrapper for that payload.
- Archive entry limit reached (50) [info, ARCHIVE_LIMIT]: Only the first 50 files were scanned.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.