Malicious PDF — malware analysis report

Static analysis result for SHA-256 48fd9cc229e045e8…

MALICIOUS

PDF

Size: 123.1 KB
Created: 2022-07-05 01:42:22 +00:00
Authoring application: wervan (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: db80c604c863a2dd8dd632379b1d2a30
SHA-1: 700aef910ec1f19a8bcbda9ef103fa07675fafe8
SHA-256: 48fd9cc229e045e8b17092be570d31e2830e7f5174c6b65ba57047468d5bb255
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link
  • T1059.001 PowerShell

The PDF document contains a large number of external links, which triggered the 'PDF_SEO_LINK_FARM' heuristic. One of the embedded URLs, http://hardlyfind.com/backers/QWRvYmUgUGhvdG9zaG9wIDIwMjAgKHZlcnNpb24gMjEpQWR.daryel/evaporated/imbedded.lavasoft.perna.dentakit?ZG93bmxvYWR8MjlHTVd3MU0zeDhNVFkxTmprNE1UVXdOSHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk, likely leads to a malicious download. The document body was truncated and unreadable, but the presence of numerous links suggests a distribution or phishing attempt.

Machine Learning

  • Nyx PDF Classifier clean score 0.0236

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info, ID: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://hardlyfind.com/backers/QWRvYmUgUGhvdG9zaG9wIDIwMjAgKHZlcnNpb24gMjEpQWR.daryel/evaporated/imbedded.lavasoft.perna.dentakit?ZG93bmxvYWR8MjlHTVd3MU0zeDhNVFkxTmprNE1UVXdOSHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk