Malicious PDF — malware analysis report

Static analysis result for SHA-256 2a264435a1dd2f62…

Verdict: MALICIOUS

File type: PDF

Size: 126.1 KB   Created: 2022-07-08 01:47:18 +00:00   Authoring application: kaeely (via PDF Master 1.0.1)   First seen: 2022-07-15
MD5: 978221e16ff0fd1f805696ea297611e0   SHA-1: fc0eccae956bc548048fc3451a6e3ebe452adc45   SHA-256: 2a264435a1dd2f6297f58522282b4b32eaa6b64619bb5cb69b2327ee2c19082d
Risk score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment   T1204.001 User Execution: Malicious Link

The PDF carries an unusually large number of external links for its size, which triggered the PDF_SEO_LINK_FARM heuristic. The pattern matches generated link-farm documents used to manipulate search rankings or to funnel readers into malicious or unwanted-software download chains rather than a normal citation pattern. Most link targets are themselves PDFs or "crack", "keygen" and "torrent" pages sitting in upload directories of unrelated sites, the usual pirated-software lure. The most prominent URI, http://esecuritys.com/intended]/.blair/ZG93bmxvYWR8NlZDWW5Kc2JIeDhNVFkxTnpFNE5qazFOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.preowned/Q09ELUJPIFJlcFogUGF0Y2gtdjEwNyBFeGVDT0QtQk8gUmVwWiBQYXRjaC12MTA3IEUgaW50ZXJlIG1lZGljaW5hIGtyaXkQ09.fleeing, interleaves filler words (".blair", ".preowned", ".fleeing") with two base64-encoded path segments: the first decodes to text beginning "download|", the second to text beginning "COD-BO RepZ Patch-v107 Exe", consistent with a game-crack download lure for further malware rather than a genuine document. The document body was not readable enough to extract meaningful text, but the link set alone indicates malicious intent centred on link distribution.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0066

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://esecuritys.com/intended]/.blair/ZG93bmxvYWR8NlZDWW5Kc2JIeDhNVFkxTnpFNE5qazFOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.preowned/Q09ELUJPIFJlcFogUGF0Y2gtdjEwNyBFeGVDT0QtQk8gUmVwWiBQYXRjaC12MTA3IEUgaW50ZXJlIG1lZGljaW5hIGtyaXkQ09.fleeing
    • https://coursestone.com/wp-content/uploads/2022/07/Easera_Systune_Download_Crack_Pes.pdf
    • https://social.maisonsaine.ca/upload/files/2022/07/THr2xYmY3S5jps2cXuPa_08_4f1b91ad8ed90faf66af8334b0f04766_file.pdf
    • https://www.cubius.fr/saunders-veterinary-anatomy-coloring-book-1e-downloads-torrent-top/
    • https://buyzionpark.com/wp-content/uploads/2022/07/alfosyre.pdf
    • https://www.cameraitacina.com/en/system/files/webform/feedback/beanest471.pdf
    • https://sussexcountyde.gov/sites/default/files/webform/events/rpgvx-readerCRACKEDFull96.pdf
    • http://brainworksmedia.in/wp-content/uploads/2022/07/uleweyl.pdf
    • https://www.eecoeats.com/wp-content/uploads/2022/07/bratash.pdf
    • http://www.covenantmiami.org/wp-content/uploads/2022/07/Aim_Hack_Za_Cs_16_Warzone.pdf
    • https://www.town.lyndeborough.nh.us/sites/g/files/vyhlif4641/f/uploads/2019_lyndeborough_tax_maps_-_numbered.pdf
    • https://serippy.com/dvd-photoshop-expert-alexandre-keese-torrent-torrent-exclusive/
    • http://www.covenantmiami.org/wp-content/uploads/2022/07/Adobe_Acrobat_3D_V810_Torrentrar_INSTALL.pdf
    • https://squalefishing.com/advert/lalithasahasranamammeaningintelugupdffree176-cracked/
    • http://www.perfectlifestyle.info/avid-xpress-pro-v4-5-crack-best/
    • https://holytrinitybridgeport.org/advert/telechargement-sam-le-pompier-s7-utorrent-top/
    • https://deradiobingo.nl/wp-content/uploads/2022/07/Official_Oppo_Reno_5G_Edition_CPH1921_Stock_Rom_HOT.pdf
    • https://www.astrodon.co.za/sites/default/files/webform/qDeskpdf-studio-x-50-Crack-Keygen-Full-Version-download.pdf
    • https://www.kroonliften.com/nl-be/system/files/webform/Official-Motorola-Moto-G7-Play-XT19524-CHANNEL-Stock-Rom.pdf
    • https://trello.com/c/2mjqb32R/75-portraitpro15410standarded
    • http://bestsonbli.yolasite.com/resources/Buku-Dale-Carnegie-Indonesiapdf.pdf
    • http://www.tcpdf.org
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
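As an added illustration of how a link-farm heuristic like PDF_SEO_LINK_FARM and the per-channel URL labelling described under EMBEDDED_URL can be implemented (example code written for this page, not the analysis engine's own implementation), the Python below pulls URLs out of raw PDF bytes by channel (link-annotation /URI actions, XMP metadata namespaces, visible text strings), discards the XMP schema URIs that every PDF with metadata carries so they never count as "external links", and fires when a small file holds many clickable external links that mostly target other PDFs or cluster on one host. The thresholds (256 KB, 10 links, 50% shares), the regex-over-raw-bytes extraction and the .test hostnames in the fixture are assumptions; the fixture PDF is constructed inline and is not the analysed sample.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# XMP/RDF schema namespaces: present in any PDF with XMP metadata, they are
# identifiers rather than navigable links and must not count as external links.
METADATA_NAMESPACE_PREFIXES = (
    "http://www.w3.org/1999/02/22-rdf-syntax-ns",
    "http://purl.org/dc/elements/",
    "http://ns.adobe.com/",
    "http://www.aiim.org/pdfa/",
)

# Channel extractors over raw bytes. Deliberate simplification: a real parser
# first resolves object streams, FlateDecode compression and string escapes.
URI_ACTION_RE = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")                    # link annotation /A << /S /URI ... >>
XMP_URL_RE = re.compile(rb"(?:xmlns:\w+|rdf:about|rdf:resource)=\"(https?://[^\"]+)\"")  # XMP metadata packet
BODY_URL_RE = re.compile(rb"\((https?://[^)]*)\)\s*Tj")                             # visible text shown with Tj


def extract_urls(pdf_bytes: bytes) -> list[tuple[str, str]]:
    """Return (channel, url) pairs, one per occurrence, grouped by channel."""
    found = []
    for m in URI_ACTION_RE.finditer(pdf_bytes):
        found.append(("link_annotation", m.group(1).decode("latin-1")))
    for m in XMP_URL_RE.finditer(pdf_bytes):
        found.append(("xmp_metadata", m.group(1).decode("latin-1")))
    for m in BODY_URL_RE.finditer(pdf_bytes):
        found.append(("document_body", m.group(1).decode("latin-1")))
    return found


def link_farm_verdict(pdf_bytes: bytes, *, size_limit=256 * 1024, min_links=10,
                      pdf_share=0.5, host_share=0.5) -> dict:
    """Assumed thresholds: a small PDF with many clickable external links that
    mostly point at other PDFs, or mostly cluster on one host, fires the heuristic."""
    clickable = [u for ch, u in extract_urls(pdf_bytes)
                 if ch == "link_annotation" and not u.startswith(METADATA_NAMESPACE_PREFIXES)]
    hosts = Counter(urlsplit(u).hostname for u in clickable)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    n = len(clickable)
    pdf_targets = sum(1 for u in clickable if urlsplit(u).path.lower().endswith(".pdf"))
    verdict = {
        "size_bytes": len(pdf_bytes),
        "clickable_external": n,
        "distinct_hosts": len(hosts),
        "top_host": top_host,
        "top_host_share": top_count / n if n else 0.0,
        "pdf_target_share": pdf_targets / n if n else 0.0,
    }
    verdict["PDF_SEO_LINK_FARM"] = (
        len(pdf_bytes) <= size_limit and n >= min_links
        and (verdict["pdf_target_share"] >= pdf_share or verdict["top_host_share"] >= host_share)
    )
    return verdict


def build_sample_pdf(urls: list[str]) -> bytes:
    """Constructed, minimal (no xref table) PDF with one /URI link annotation per
    URL, an XMP packet and one URL in visible text. Test fixture only."""
    annots = b"".join(
        b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        b"/A << /S /URI /URI (%s) >> >> endobj\n" % (10 + i, u.encode())
        for i, u in enumerate(urls))
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/">'
           b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           b'<rdf:Description xmlns:pdf="http://ns.adobe.com/pdf/1.3/" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/"/></rdf:RDF></x:xmpmeta>')
    body = b"BT /F1 12 Tf (http://www.tcpdf.org) Tj ET"
    return b"%PDF-1.4\n" + annots + xmp + b"\n" + body + b"\n%%EOF\n"


# Constructed sample: 9 of 12 link annotations point at .pdf "cracks" on one host (.test TLD).
SAMPLE_URLS = [f"https://cdn.example-farm.test/uploads/2022/07/tool{i}_Crack.pdf" for i in range(9)] + [
    "https://blog.example-a.test/advert/keygen-download/",
    "http://www.example-b.test/wp-content/uploads/2022/07/setup.pdf",
    "https://trello.example-c.test/c/board/card",
]
SAMPLE_PDF = build_sample_pdf(SAMPLE_URLS)

if __name__ == "__main__":
    for channel, url in extract_urls(SAMPLE_PDF):
        print(f"{channel:16} {url}")
    print(link_farm_verdict(SAMPLE_PDF))
```

The channel label is what separates the tcpdf.org and XMP namespace entries in the list above from the lure links: they come from the text layer and the metadata packet, not from clickable annotations, so they carry no weight in the verdict even though they are reported as extracted URLs.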