Analyzing Malware using FREE Online Tools
I came across an interesting PDF today which I would like to analyze for you. However, I decided to do something a little different today and do the analysis using only free online tools. Although this method might not be as technically exhaustive as analyzing the malware on a dedicated malware-analysis VM or in a disassembler, sometimes you might not have access to all your fancy tools and might need to do a quick and dirty analysis to investigate a malicious document.

Let’s start with Any Run. As we can see, the file is a standard phishing-template PDF that instructs the victim to “click on the button” to download additional files. It masquerades as a document containing protected files.

After clicking the “OPEN” button on the PDF, the archive (the .zip file in the screenshot) gets downloaded. When we extract the contents of the archive, we are left with IP-August.14.wsf (a Windows Script File). A Windows Script File (WSF) is a file format used to create...