Malicious PDF — malware analysis report

Static analysis result for SHA-256 9bf8c2a7c96fa4b8…

MALICIOUS

PDF

Size: 120.1 KB
Created: 2022-07-08 05:59:13 +00:00
Authoring application: catrvera (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 71352f48d9283907c0b29474ce8e6090
SHA-1: 8be602a75c2d425ba7a18b72a825c69a2e5380d8
SHA-256: 9bf8c2a7c96fa4b80fa27c1fb8037509a7386862236bc3a06060a336093990b5
Risk score: 64

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file contains a significant number of external links, identified as a link farm, with the primary suspicious URL being http://find24hs.com/considerd/.... This suggests the document's purpose is to redirect users to potentially malicious websites for further exploitation. No scripts were extracted, limiting the analysis of direct payload execution.

Machine Learning

  • Nyx PDF Classifier clean score 0.0378

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.