Malicious Archive — malware analysis report

Static analysis result for SHA-256 e2640ac1e5625dd1…

MALICIOUS

Archive

Size: 302.7 KB
First seen: 2019-06-27
MD5: 483bdefdf37fe5d5af8f5f3237a15220
SHA-1: 21627db750a2521881d7bf5981e7e8f62836e7c3
SHA-256: e2640ac1e5625dd1aa1d725d97034efbef4f3caccba23421570f479aacbb8ca5
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The archive contains a member classified as malicious, ActiveX1.bin, which is a separate executable file. This executable was hosted at the URL http://a.pomf.hummingbird.moe/kampdj.exe, which also appears in the document body. The archive exceeded the scanner's 50-entry limit, so only the first 50 members were scanned; any further members, possibly including additional malicious components, were not analysed.

Heuristics (3)

  • Archive contains malicious member [critical] ARCHIVE_CHILD_MALICIOUS
    At least one extracted archive member was classified as malicious. The archive is a transport wrapper for that payload.
  • Archive entry limit reached (50) [info] ARCHIVE_LIMIT
    Only the first 50 files were scanned.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://a.pomf.hummingbird.moe/kampdj.exe (in document body)