PDF static analysis report

Static analysis result for SHA-256 ac47ae1344e65185…

SUSPICIOUS

PDF

Size: 247.2 KB
Created: 2022-07-06 15:10:30 +00:00
Authoring application: patker (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 0a2fef1fcc1c8e75ecf7aa9fadb93010
SHA-1: 9729197e65a3b41e6bd6968ad4d1c47014254f3d
SHA-256: ac47ae1344e65185f701df2faeec925d0344de0daf4601f39c098c5882542e2d
Risk score: 52

Malware Insights

MITRE ATT&CK
T1059.001 Command and Scripting Interpreter: PowerShell
T1204.001 User Execution: Malicious Link (the link-annotation lure)
T1204.002 User Execution: Malicious File (the password-protected archive the user is told to open)

The only clickable target in the document is a link annotation to find24hs.com whose query string is base64-wrapped (a 'download|...' token plus an encoded search-keyword string), the construction typical of spam download lures. Together with the download-button call to action and the password instructions for an archive, this indicates a social-engineering chain rather than an exploit: the user is expected to follow the link, fetch a password-protected archive, decrypt it, and run the contents. No JavaScript or other scripts were extracted from the sample itself, so the PowerShell mapping above can only describe an expected second stage, not content found in this file.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0065

Heuristics (4)

  • Password-protected archive handoff (severity: high) SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment, a pattern often used to keep payloads encrypted until after gateway scanning
  • Visual download / call-to-action button lure (severity: low) SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal on its own unless other findings point to a malicious workflow
  • External URI (severity: info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://find24hs.com/ascii/berlusconi/?ZG93bmxvYWR8WWU3YlRWbFkzeDhNVFkxTnpBMk56RTFOSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=rightmove&chihuly=good/Z3RhIG5hbWFzdGUgYW1lcmljYSBnYW1lIHNldHVwIHNvZnRvbmljIGZyZWUgZG93bmxvYWRnb2xrZXMZ3R  [PDF link annotation]
    • https://mandarinrecruitment.com/system/files/webform/combat-mission-battle-for-normandy-20-cracked.pdf  [In PDF document text]
    • https://cuteteddybearpuppies.com/2022/07/serial-excel-password-recovery-lastic-1-1-full-extra-quality-rar/  [In PDF document text]
    • https://scappy.bmde-labs.com/upload/files/2022/07/dIQnryqUyT6IFUND7eoL_06_9dd7d0ccb3d43acfdff099e90820ea75_file.pdf  [In PDF document text]
    • https://comunicare-online.ro/wp-content/uploads/2022/07/Icono_WordPress_en_diferentesformatos.pdf  [In PDF document text]
    • https://jobkendra.com/wp-content/uploads/2022/07/Mythology_Timeless_Tales_Of_Gods_And_Heroes_Pdfpdf.pdf  [In PDF document text]
    • https://lavo-easy.ch/wp-content/uploads/2022/07/britwile.pdf  [In PDF document text]
    • http://sosuaenvivo.com/wp-content/uploads/2022/07/dejpay.pdf  [In PDF document text]
    • http://awaazsachki.com/?p=43562  [In PDF document text]
    • http://www.pickrecruit.com/wp-content/uploads/2022/07/gavryele.pdf  [In PDF document text]
    • https://www.belmont-ma.gov/sites/g/files/vyhlif6831/f/uploads/covid_19_safety_tips.pdf  [In PDF document text]
    • http://www.hva-concept.com/civilization-5-trainer-1-0-0-17-rar-exclusive/  [In PDF document text]
    • https://opinapy.com/wp-content/uploads/2022/07/ningval.pdf  [In PDF document text]
    • https://jewishafrica.news/advert/moorefield-intel-driver-epub-_verified_/  [In PDF document text]
    • https://sssi.net/sites/default/files/webform/GTA--San-Andreas-All-Missions-COMPLETED-Save-Game-Files-are-Here.pdf  [In PDF document text]
    • https://wmondemand.com/?p=19086  [In PDF document text]
    • https://www.reperiohumancapital.com/system/files/webform/nfs-most-wanted-copspeech-big-sound-file-rapidshare.pdf  [In PDF document text]
    • https://markusribs.com/download-mega-facepack-for-football-manager-2011-best/  [In PDF document text]
    • https://rwix.ru/wp-content/uploads/2022/07/Mazacam_LINK_Free_Trial_Download.pdf  [In PDF document text]
    • https://wmich.edu/system/files/webform/jarjan632.pdf  [In PDF document text]
    • https://s3-us-west-2.amazonaws.com/mmoldata/wp-content/uploads/2022/07/06151028/Ingenieria_De_Transito_Y_Carreteras_Nicholas_Garber_Descarga.pdf  [In PDF document text]
    The remaining URLs are XMP/RDF metadata namespace identifiers and the TCPDF library URL from the document's metadata stream, not links a user can follow:
    • http://www.tcpdf.org  [In PDF document text]
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#  [In PDF document text]
    • http://purl.org/dc/elements/1.1/  [In PDF document text]
    • http://ns.adobe.com/xap/1.0/  [In PDF document text]
    • http://ns.adobe.com/pdf/1.3/  [In PDF document text]
    • http://ns.adobe.com/xap/1.0/mm/  [In PDF document text]
    • http://www.aiim.org/pdfa/ns/extension/  [In PDF document text]
    • http://www.aiim.org/pdfa/ns/schema#  [In PDF document text]
    • http://www.aiim.org/pdfa/ns/property#  [In PDF document text]
    • http://www.aiim.org/pdfa/ns/id/  [In PDF document text]
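The link-annotation URL at the top of that list is the one finding that points off the document, and its query string is two layers of base64. The script below is an added example, not part of the report or of any tool it names: it parses that URL (copied verbatim from the report) and recovers the text inside each layer. It tries every start offset because lure generators prepend nonce characters that shift the bit alignment, keeps only decodes that are clean printable ASCII, re-scans each result for a nested layer, and converts any 10-digit epoch value it finds to a UTC time. The helper names (analyse_lure, decode_layers, best_printable_decode) are this example's own.

```python
import base64
import binascii
import re
import string
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlsplit

# Link-annotation URL copied from the report above.
LURE_URL = (
    "http://find24hs.com/ascii/berlusconi/?ZG93bmxvYWR8WWU3YlRWbFkzeDhNVFkxTnpBMk56"
    "RTFOSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=rightmove"
    "&chihuly=good/Z3RhIG5hbWFzdGUgYW1lcmljYSBnYW1lIHNldHVwIHNvZnRvbmljIGZyZWUg"
    "ZG93bmxvYWRnb2xrZXMZ3R"
)

B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}")          # candidate base64 runs
EPOCH_RUN = re.compile(r"(?<!\d)1[5-7]\d{8}(?!\d)")    # 10-digit unix times, 2017-2024
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def b64_decode_lenient(token):
    """Decode base64 that may be unpadded or URL-safe; None if it is not base64 at all."""
    token = token.replace("-", "+").replace("_", "/").rstrip("=")
    if len(token) % 4 == 1:          # a single dangling sextet can never be valid
        token = token[:-1]
    token += "=" * (-len(token) % 4)
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def printable_prefix(raw):
    """Longest leading run of printable ASCII in the decoded bytes."""
    out = []
    for ch in raw.decode("ascii", errors="replace"):
        if ch not in PRINTABLE:
            break
        out.append(ch)
    return "".join(out)


def best_printable_decode(token):
    """Lure generators prepend nonce characters, which shifts the bit alignment,
    so try every start offset and keep the longest clean decode."""
    best = ""
    for start in range(len(token)):
        raw = b64_decode_lenient(token[start:])
        if raw is not None:
            text = printable_prefix(raw)
            if len(text) > len(best):
                best = text
    return best


def decode_layers(text, depth=3, min_chars=12):
    """Recover printable strings from every base64 run in `text`, then re-scan
    each result so nested encodings (up to `depth` layers) are unwrapped too."""
    found = []
    if depth == 0:
        return found
    for run in B64_RUN.findall(text):
        decoded = best_printable_decode(run)
        if len(decoded) >= min_chars:
            found.append(decoded)
            found.extend(decode_layers(decoded, depth - 1, min_chars))
    return found


def analyse_lure(url):
    """Split the URL into path segments and query keys/values, decode each,
    and date any epoch timestamps found in the recovered text."""
    parts = urlsplit(url)
    pieces = [seg for seg in parts.path.split("/") if seg]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        pieces.extend((key, value))
    decoded = []
    for piece in pieces:
        decoded.extend(decode_layers(piece))
    timestamps = {
        ts: datetime.fromtimestamp(int(ts), tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
        for text in decoded
        for ts in EPOCH_RUN.findall(text)
    }
    return {"host": parts.hostname, "decoded": decoded, "timestamps": timestamps}


if __name__ == "__main__":
    report = analyse_lure(LURE_URL)
    print("host:", report["host"])
    for text in report["decoded"]:
        print("decoded:", text)
    for ts, when in report["timestamps"].items():
        print("epoch", ts, "=", when)
```

Run against the report's URL this recovers a 'download|...' token whose inner layer decodes to '...||1657067154||2574||(M) read-blog [Fast GEN]', and a keyword string 'gta namaste america game setup softonic free downloadgolkes' in the second parameter. The epoch value 1657067154 is 2022-07-06 UTC, the same day as the document's Created field, and the keyword is in line with the cracks, trainers and serials in the rest of the extracted URL list: the file is a mass-produced "free download" lure, which is worth knowing before spending triage time on it as a targeted document.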