josuloza / atyourownrisk Goto Github PK
View Code? Open in Web Editor NEWCAUTION!!!! ENTER ONLY IF YOU KNOW WHAT YOU DO, GREAT RISK OF INFECTION
atyourownrisk's People
Watchers
atyourownrisk's Issues
2 Malicious PDFs
2 PDFs with malicious activity, if you know what you do, you can download them to practice, probably the final leagues no longer work, but they can be used to practice and analyze what malicious activity or processes are performed on the computer.
MIME:
application/pdf
File info:
PDF document, version 1.6
MD5
ffc8e4958ace422dddb23c39a8f15fd7
SHA1
2ac5bc474224865a2f4da1fc36aeff50205366fa
SHA256
e3a027ac9adc94eee71626b3ffbe40bfdc8dfbfda32709eae8c42f1a43f31052
SSDEEP
6144:wJ91m4K1Wq2fCQvbNygLLUuD62QGLt1I65gjzQ6YdXigtr:i91mdWqACQv4tkk61/azYSgB
SUSPICIOUS
| Creates files in the program directory AdobeARM.exe (PID: 3248) Starts Internet Explorer AcroRd32.exe (PID: 2968) |
|---|
Modification events
PID
Process
Operation
Key
Name
Value
2968
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2968
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2968
AcroRd32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2968
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2968
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2332
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
bLastExitNormal
0
2332
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\DiskCabs
bForms_AdhocWorkflowBackup
0
2332
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
bExpandRHPInViewer
1
2332
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\NoTimeOut
smailto
5900
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{753AB263-1EBE-11E9-91D7-5254004A04AF}
0
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307010003001700030018003A004601
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3828 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
| 2968 | AcroRd32.exe | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/278_15_23_20070.zip | unknown | –– | –– | whitelisted |
| –– | –– | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/277_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2968 | AcroRd32.exe | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/281_15_23_20070.zip | unknown | –– | –– | whitelisted |
| –– | –– | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/280_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2968 | AcroRd32.exe | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/message.zip | unknown | –– | –– | whitelisted |
| 3352 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
| 3796 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
| 3460 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| www.bing.com | 204.79.197.200 13.107.21.200 | whitelisted |
| waa.ai | 104.24.113.128 104.24.112.128 | unknown |
| www.apple.com-kukirasikurakura.info | 116.203.62.139 | unknown |
| acroipm2.adobe.com | 2.16.186.33 2.16.186.32 | whitelisted |
| armmf.adobe.com | 23.210.248.251 | whitelisted |
| ardownload2.adobe.com | 2.18.233.74 | whitelisted |
MIME:
application/pdf
File info:
PDF document, version 1.7
MD5
fb7805d3611b859ccc5226cf8a7493b9
SHA1
eabd9aad9f771e771d4e3ec2f14387e6a6f52dd4
SHA256
b8f2fe3e16791086a7e5e48a98ce6d35f08428ecc4ed922e0785bef1ff202d09
SSDEEP
1536:HLIa1S5k662WffCGOIegIdC9SvcIijn6yN20BQn5pzjq7mg20xnkiOnTDdsKKZ4o:HcFkxPKqeguTv7k7x2ukiONV2Qu3v3lr
SUSPICIOUS
Executable content was dropped or overwritten
msdt.exe (PID: 2232)
Creates files in the program directory
AdobeARM.exe (PID: 2484)
Uses IPCONFIG.EXE to discover IP address
sdiagnhost.exe (PID: 3740)
Starts Internet Explorer
AcroRd32.exe (PID: 2988)
Modification events
PID
Process
Operation
Key
Name
Value
2988
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2988
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2988
AcroRd32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2988
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2988
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2316
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
bLastExitNormal
0
2316
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\DiskCabs
bForms_AdhocWorkflowBackup
0
2316
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
bExpandRHPInViewer
1
2316
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\NoTimeOut
smailto
5900
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{FBEB89F6-1EBC-11E9-AA93-5254004A04AF}
0
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3948
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E30701000300170003000E0019008501
| PID | Process | Filename | Type |
|---|---|---|---|
| 2232 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_66b74b72-3c29-45d9-805a-6bfd76311475\en-US\DiagPackage.dll.mui | executable |
| 2232 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_66b74b72-3c29-45d9-805a-6bfd76311475\DiagPackage.dll | executable |
| 2820 | makecab.exe | C:\Users\admin\AppData\Local\Temp\inf_2820_2 | –– |
| 3260 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png | image |
| 3260 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | –– |
| 3948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{FBEB89F6-1EBC-11E9-AA93-5254004A04AF}.dat | –– |
| 3948 | iexplore.exe | C:\Users\admin\AppData\Local\Temp~DF3576FB92BDADFF96.TMP | –– |
| 2604 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low\index.dat | dat |
| 2604 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log | text |
| 3948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active{FBEB89F7-1EBC-11E9-AA93-5254004A04AF}.dat | –– |
| 3948 | iexplore.exe | C:\Users\admin\AppData\Local\Temp~DF8FBAACBF638C3317.TMP | –– |
| 3948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat | binary |
| 3948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active{099CBD30-1EBD-11E9-AA93-5254004A04AF}.dat | binary |
| 3948 | iexplore.exe | C:\Users\admin\AppData\Local\Temp~DFC5C980A05F1342D3.TMP | –– |
| 3948 | iexplore.exe | C:\Users\admin\AppData\Local\Temp~DFDD80460409FC93C5.TMP | –– |
| 2604 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@lihi[1].txt | text |
| 2604 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@lihi[2].txt | –– |
| 2604 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\tools[1] | image |
| 2604 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\favcenter[1] | image |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2988 | AcroRd32.exe | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/278_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2988 | AcroRd32.exe | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/277_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2988 | AcroRd32.exe | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/281_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2988 | AcroRd32.exe | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/280_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2988 | AcroRd32.exe | GET | 304 | 2.16.186.33:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/message.zip | unknown | –– | –– | whitelisted |
| 3948 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
| 3260 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| acroipm2.adobe.com | 2.16.186.33 2.16.186.32 | whitelisted |
| armmf.adobe.com | 23.210.248.251 | whitelisted |
| www.bing.com | 204.79.197.200 13.107.21.200 | whitelisted |
| lihi.cc | 35.189.190.92 | unknown |
| authvx-mailconfirm.servehttp.com | 178.128.200.20 | unknown |
| lihi.io | 35.185.174.251 | whitelisted |
| ardownload2.adobe.com | 2.18.233.74 | whitelisted |
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.