Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Source: Yara match
File source: 00000000.00000002.542642008.0000000002910000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match
File source: 00000000.00000002.541978426.0000000000A44000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.29289af.3.raw.unpack, type: UNPACKEDPE
Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Source: Yara match
File source: 00000000.00000002.542027781.0000000000B7F000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match
File source: 00000000.00000002.542642008.0000000002910000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match
File source: Process Memory Space: SHIPMENTDOCUMENTSPDF.exe PID: 6796, type: MEMORYSTR
Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Source: Yara match
File source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Source: Yara match
File source: 00000000.00000002.542642008.0000000002910000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match
File source: 00000000.00000002.541978426.0000000000A44000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.29289af.3.raw.unpack, type: UNPACKEDPE
Matched rule: Detects Codoso APT Gh0st Malware, Author: Florian Roth
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: Detects Codoso APT Gh0st Malware, Author: Florian Roth
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object, Author: ditekSHen
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: Detects AveMaria/WarzoneRAT, Author: ditekSHen
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: AveMaria_WarZone, Author: unknown
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: Detects Codoso APT Gh0st Malware, Author: Florian Roth
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object, Author: ditekSHen
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: Detects AveMaria/WarzoneRAT, Author: ditekSHen
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: AveMaria_WarZone, Author: unknown
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: Detects Codoso APT Gh0st Malware, Author: Florian Roth
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object, Author: ditekSHen
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: Detects AveMaria/WarzoneRAT, Author: ditekSHen
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: AveMaria_WarZone, Author: unknown
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.29289af.3.raw.unpack, type: UNPACKEDPE
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.29289af.3.raw.unpack, type: UNPACKEDPE
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.raw.unpack, type: UNPACKEDPE
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.291053f.4.unpack, type: UNPACKEDPE
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT
Source: 0.2.SHIPMENTDOCUMENTSPDF.exe.a30000.0.unpack, type: UNPACKEDPE
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 00000000.00000002.542027781.0000000000B7F000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 00000000.00000002.542642008.0000000002910000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: SHIPMENTDOCUMENTSPDF.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SHIPMENTDOCUMENTSPDF.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SHIPMENTDOCUMENTSPDF.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SHIPMENTDOCUMENTSPDF.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SHIPMENTDOCUMENTSPDF.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SHIPMENTDOCUMENTSPDF.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SHIPMENTDOCUMENTSPDF.exe, 00000000.00000002.542642008.0000000002910000.00000040.00001000.00020000.00000000.sdmp
String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: SHIPMENTDOCUMENTSPDF.exe, 00000000.00000002.542642008.0000000002910000.00000040.00001000.00020000.00000000.sdmp
String found in binary or memory: UEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEETermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrudprpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameType
Source: SHIPMENTDOCUMENTSPDF.exe, 00000000.00000002.541978426.0000000000A44000.00000002.00001000.00020000.00000000.sdmp
String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: SHIPMENTDOCUMENTSPDF.exe, 00000000.00000002.541978426.0000000000A44000.00000002.00001000.00020000.00000000.sdmp
String found in binary or memory: UEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEETermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrudprpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameType