MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
T1059.001 PowerShell
The PDF file contains a large number of external links, a technique often used for SEO poisoning or to host phishing lures. The heuristic 'PDF_SEO_LINK_FARM' specifically flags this behavior, indicating a malicious intent to redirect users to potentially harmful content. The presence of multiple external URLs, including one with a suspicious query string, supports this assessment.
Machine Learning
- Nyx PDF Classifier clean score 0.0069
Heuristics (3)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.