Malicious PDF — malware analysis report

Static analysis result for SHA-256 3ad70ad3db67a43f…

Verdict: MALICIOUS
File type: PDF
Size: 116.3 KB
Created: 2022-07-04 04:27:55 +00:00
Authoring application: glynlan (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: fca20490fa17de6cfce466c267b34430
SHA-1: 29e06a753ba085c40d79eec0dc929a96801ac360
SHA-256: 3ad70ad3db67a43fbadeaccf93b453610cbac83f18342c48760ce664ae4b1997
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of external links, a pattern identified as a link farm. One of the primary URLs, http://thedirsite.com/breadth/ZG93bmxvYWR8a3gxTm01eWNueDhNVFkxTmpnNU1qTTFNbng4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA/helpd.kenny=refuel?sanctioning=iconography&dweeb=UkpWaWV3ZXIUkp, appears to be a download or redirection point. A link farm inside a PDF suggests an attempt to distribute malicious content or to manipulate search engine results.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0015

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info) PDF_URI
    PDF contains an external URL action.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://thedirsite.com/breadth/ZG93bmxvYWR8a3gxTm01eWNueDhNVFkxTmpnNU1qTTFNbng4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA/helpd.kenny=refuel?sanctioning=iconography&dweeb=UkpWaWV3ZXIUkp
    • http://conbluetooth.net/?p=23935
    • http://uttaranchalcollege.com/wp-content/uploads/2022/07/lanaldo.pdf
    • https://www.linkspreed.com/upload/files/2022/07/OSjysxDLqJjmkh3tdMnf_04_c9f08be8711ff9f7d644f83c9d7cbad0_file.pdf
    • https://insuredandprotected.com/wp-content/uploads/2022/07/halldei.pdf
    • https://www.raven-guard.info/redynamix-crack-serial-number-full-torrent-free-for-pc-2022/
    • https://www.cameraitacina.com/en/system/files/webform/feedback/customprintscreen.pdf
    • https://loneoak.ms/wp-content/uploads/2022/07/InstallTimeOut.pdf
    • https://divyendurai.com/psa-insert-text-to-srt-crack-final-2022/
    • http://jwbotanicals.com/filequery-2022-new/
    • https://www.rmsqualityservices.com/sites/default/files/webform/WDCompass.pdf
    • https://www.mjeeb.com/scene-flow-free-win-mac/
    • http://texocommunications.com/gapminder-desktop-incl-product-key-free-macwin/
    • https://eastprovidenceri.gov/system/files/webform/paljan20.pdf
    • https://qflash.es/notepad-scratchpad-crack-free-latest/
    • https://www.stayza.com/wp-content/uploads/2022/07/WavePurity_Professional.pdf
    • https://lasdocas.cl/totally-free-converter-license-key-free-download-3264bit/
    • http://xn----dtbhabafp9bcmochgq.xn--p1ai/wp-content/uploads/2022/07/LingvoSoft_Suite_2008_English_Dutch.pdf
    • https://germanconcept.com/chuls-gmail-notifier-crack-download-x64/
    • http://www.giffa.ru/financetaxes/ready-maker-crack-pc-windows-april-2022/
    • https://woodpetelonochsisc.wixsite.com/plicereasvir/post/lotto-powerplayer-for-prediction-crack
    • http://www.tcpdf.org
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/