Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8c0d6893419c38a…

MALICIOUS

PDF

Size: 131.7 KB
Created: 2022-07-05 03:28:44 +00:00
Authoring application: imeplen (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: f8b5a998c5a8c0f268527a47784f63a0
SHA-1: aa57b39d76a265c738be32056fa9107586f077d0
SHA-256: a8c0d6893419c38afde0f62f47a02f62e4d08059ecf2f866cec265d250031425
Risk score: 64

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF document contains a large number of external links and is classified as a link farm: a generated carrier whose purpose is to route readers to sites offering pirated software or other unwanted content rather than to cite sources. The critical heuristic PDF_SEO_LINK_FARM is the basis for the verdict; the linked pages advertise Adobe Photoshop cracks, keygens and serial numbers. The clickable link http://blogbasters.com/literate/beneficient/lauenstein/riptides.traipsing/QWRvYmUgUGhvdG9zaG9wIENTMwQWR/ZG93bmxvYWR8RlM2TkdoaWEzeDhNVFkxTmprNE1UVXdOSHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk&plausibility embeds base64-encoded strings in its path ("QWRvYmUgUGhvdG9zaG9wIENTMw" decodes to "Adobe Photoshop CS3", "ZG93bmxvYWR8" to "download|"), consistent with a tracked crack-download redirect chain; its destinations should be treated as likely malware or unwanted-software downloads.

Machine Learning

  • Nyx PDF Classifier clean score 0.0073

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info) PDF_URI
    PDF contains an external URL action.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The trailing entries for www.w3.org, purl.org, ns.adobe.com and www.aiim.org are standard XMP/RDF/PDF-A namespace identifiers from the document metadata, and www.tcpdf.org is the home page of the TCPDF generator library (likely carried in the Producer string); none of these is a clickable link target.
    • http://blogbasters.com/literate/beneficient/lauenstein/riptides.traipsing/QWRvYmUgUGhvdG9zaG9wIENTMwQWR/ZG93bmxvYWR8RlM2TkdoaWEzeDhNVFkxTmprNE1UVXdOSHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk&plausibility
    • https://followgrown.com/upload/files/2022/07/GsjTvFHMDJSbql2N2gD3_05_143eba521e3cd9a1ad85bc9e93a704ec_file.pdf
    • https://enricmcatala.com/photoshop-2021-version-22-5-keygen-only-with-serial-key-updated/
    • http://www.cpakamal.com/wp-content/uploads/2022/07/henrai.pdf
    • https://bistrot-francais.com/adobe-photoshop-serial-number-and-product-key-crack-serial-key-download/
    • https://wormenhotel.nl/wp-content/uploads/2022/07/Adobe_Photoshop_2020-1.pdf
    • https://www.greatescapesdirect.com/2022/07/adobe-photoshop-2021-version-22-4-1-serial-number-and-product-key-crack-keygen-for-lifetime-2022-latest/
    • http://www.publicpoetry.net/2022/07/adobe-photoshop-cs4-hacked-serial-number-full-torrent-download/
    • https://thecryptobee.com/adobe-photoshop-2022-version-23-0-keygen-only-activation-code-with-keygen-free-download-latest-2022/
    • https://www.mrfoodis.de/wp-content/uploads/2022/07/kelsren.pdf
    • https://iraqidinarforum.com/upload/files/2022/07/sdKWjWXh5iNTnimBcS4R_05_143eba521e3cd9a1ad85bc9e93a704ec_file.pdf
    • https://brandvani.com/2022/07/05/photoshop-2022-version-23-0-1-win-mac-latest-2022/
    • https://worldtradeoptions.com/wp-content/uploads/2022/07/Photoshop_2021.pdf
    • https://knoxvilledirtdigest.com/wp-content/uploads/2022/07/boukama.pdf
    • https://shobeklobek.com/photoshop-2021-version-22-1-0-win-mac/
    • https://wozyzy.com/upload/files/2022/07/w2nnzifSMRbjiSVkpCwt_05_97d1b4baf87bff06a27d934afb8b0185_file.pdf
    • https://totoralillochile.com/advert/adobe-photoshop-2021-version-22-1-0-jb-keygen-exe-2022-latest/
    • https://social.wepoc.io/upload/files/2022/07/13fXTTEs9vwwFNq4IHqr_05_143eba521e3cd9a1ad85bc9e93a704ec_file.pdf
    • https://www.mitrajyothi.org/sites/default/files/webform/Photoshop-2021-Version-2231_0.pdf
    • https://salty-basin-56317.herokuapp.com/Photoshop_2021.pdf
    • https://logocraticacademy.org/photoshop-2021-version-22-5-1-crack-exe-file-x64-final-2022/
    • https://frustratedgamers.com/upload/files/2022/07/bpLybIgi4UOUza5BDW6i_05_427adacb070bf15322d67421bdfff7bb_file.pdf
    • https://secret-bastion-18536.herokuapp.com/wandgab.pdf
    • https://www.arkcitypolice.org/system/files/webform/photoshop-cc-2015.pdf
    • https://sbrelo.com/upload/files/2022/07/9k3edxqWUD8LijihVf4c_05_97d1b4baf87bff06a27d934afb8b0185_file.pdf
    • https://www.avon.k12.ma.us/sites/g/files/vyhlif4136/f/uploads/child_find_2021_1.pdf
    • https://mspresistantstarch.com/2022/07/05/adobe-photoshop-2022-serial-number-mac-win/
    • https://attitude.ferttil.com/upload/files/2022/07/sS288DQcMsJSpEfOdMwL_05_97d1b4baf87bff06a27d934afb8b0185_file.pdf
    • https://fami-tex.com/wp-content/uploads/2022/07/Adobe_Photoshop_2022_Version_230_Patch_full_version__Activation_Code_Free_Download_WinMac.pdf
    • http://it-labx.ru/?p=61458
    • http://valtiders.yolasite.com/resources/Adobe-Photoshop-CC-2018-Version-19-Free.pdf
    • http://www.tcpdf.org
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
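The PDF_SEO_LINK_FARM heuristic above is a size-and-link-density rule over the document's clickable /URI actions, and the EMBEDDED_URL note separates link annotations from URLs that merely occur in metadata. The following is an added example and not the analysis engine's own code: a raw-bytes scanner that pulls /URI action targets (literal and hex PDF strings, with escapes) out of a PDF and scores the link-farm pattern. The sample PDF, the thresholds (512 KiB, at least 10 web links, at least half on one host) and the function names are constructed assumptions for illustration; namespace URIs inside the XMP metadata stream are not /URI actions and are deliberately not counted.

```python
"""Raw-bytes scan for clickable /URI link actions plus a link-farm score.

Added example (not the analysis engine's code). Thresholds and the sample
PDF below are constructed assumptions for illustration.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# A /URI key followed by a PDF literal string "(...)" (backslash escapes allowed)
# or a hex string "<...>".  The action-type token "/S /URI" is followed by
# another name, not a string, so it does not match.
_URI_RE = re.compile(rb"/URI\s*(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)")
# Escapes inside a literal string: \n \r \t \b \f \( \) \\ and \ddd (octal).
_ESC_RE = re.compile(rb"\\([nrtbf()\\]|[0-7]{1,3})")
_SIMPLE_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
               b"(": b"(", b")": b")", b"\\": b"\\"}


def _decode_pdf_string(tok: bytes) -> str:
    """Decode a PDF literal or hex string token to text (latin-1 for illustration)."""
    if tok.startswith(b"<"):
        hexdigits = re.sub(rb"\s", b"", tok[1:-1])
        if len(hexdigits) % 2:            # PDF pads an odd final digit with 0
            hexdigits += b"0"
        return bytes.fromhex(hexdigits.decode("ascii")).decode("latin-1")
    body = tok[1:-1]                      # strip the surrounding parentheses

    def repl(m: re.Match) -> bytes:
        esc = m.group(1)
        return _SIMPLE_ESC.get(esc) or bytes([int(esc, 8) & 0xFF])

    return _ESC_RE.sub(repl, body).decode("latin-1")


def extract_uri_actions(data: bytes) -> list[str]:
    """All /URI action targets in document order (link annotations, outlines, OpenAction)."""
    return [_decode_pdf_string(m.group(1)) for m in _URI_RE.finditer(data)]


def score_link_farm(data: bytes, max_size: int = 512 * 1024,
                    min_links: int = 10, min_top_share: float = 0.5) -> dict:
    """Flag a small PDF whose clickable web links are many and clustered on one host."""
    web = [u for u in extract_uri_actions(data)
           if urlsplit(u).scheme.lower() in ("http", "https")]
    hosts = Counter((urlsplit(u).hostname or "") for u in web)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(web) if web else 0.0
    return {
        "size": len(data),
        "links": len(web),
        "hosts": len(hosts),
        "top_host": top_host,
        "top_share": round(share, 2),
        "PDF_SEO_LINK_FARM": (len(data) <= max_size and len(web) >= min_links
                              and share >= min_top_share),
    }


def build_sample_pdf() -> bytes:
    """Constructed stand-in for the sample (not the real file): 12 web links, 8 on one
    host, a mailto link, and an XMP stream whose namespace URIs are not link actions."""
    link_tokens = [b"(http://blogbasters.com/literate/page%d)" % i for i in range(8)]
    link_tokens += [
        b"(https://followgrown.com/upload/x\\(1\\).pdf)",        # escaped parens in a literal
        b"<68747470733a2f2f656e7269636d636174616c612e636f6d2f>",  # hex: https://enricmcatala.com/
        b"(http://www.cpakamal.com/wp-content/uploads/a.pdf)",
        b"(https://bistrot-francais.com/b/)",
        b"(mailto:seo@example.invalid)",                          # non-web scheme: ignored
    ]
    objs = [b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
            b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 595 842] >> endobj\n"]
    for n, tok in enumerate(link_tokens, start=4):
        objs.append(b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    b"/A << /S /URI /URI %s >> >> endobj\n" % (n, tok))
    xmp = (b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>')
    objs.append(b"90 0 obj << /Type /Metadata /Subtype /XML /Length %d >> stream\n"
                b"%s\nendstream endobj\n" % (len(xmp), xmp))
    return b"%PDF-1.4\n" + b"".join(objs) + b"%%EOF\n"


if __name__ == "__main__":
    print(score_link_farm(build_sample_pdf()))
```

Run it on a real file with `score_link_farm(open(path, "rb").read())`. Because the scan is over raw bytes, links inside compressed object streams (PDF 1.5+) are missed unless the file is decompressed first, and links that only occur as text in the page content (the "document body" channel in the EMBEDDED_URL note) are not /URI actions and need a separate extraction.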