Malicious PDF — malware analysis report

Static analysis result for SHA-256 adb27fb68b342595…

MALICIOUS

PDF

Size: 125.1 KB
Created: 2022-06-13 09:25:07 +02:00
Authoring application: fiamwam (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: bb6803865b71dd0637a9669eeb16a620
SHA-1: bf2fb15725f768a69e74b81fedfabf9931be02df
SHA-256: adb27fb68b3425955bd478ef2a17cf17580d1c1f420b0bedb933376cdca6448e
Risk score: 64

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious Link

The PDF document exhibits characteristics of a link farm, containing a large number of external URLs. The heuristic 'PDF_SEO_LINK_FARM' indicates that these links are likely designed to direct users to malicious websites, potentially for downloading further malware or engaging in phishing. The presence of embedded URLs further supports this malicious intent.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0214

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://evacdir.com/Q2hhcmxpZSBBbmQgVGhlIENob2NvbGF0ZSBGYWN0b3J5IEZ1bGwgTW92aWUgSW4gSGluZGkgRnJlZSAzMjEQ2h/blissness/crayon.dhaka/ZG93bmxvYWR8NGtVTVRWNGVEbDhmREUyTlRRNU9Ea3hOako4ZkRJMU56UjhmQ2hOS1NCeVpXRmtMV0pzYjJjZ1cwWmhjM1FnUjBWT1hR/layettes/neechabhaga=thechinaperspective
    • http://slimancity.com/upload/files/2022/06/DwnAK2HPZyvMid2bmJGD_13_e0a1b89592ed258dc7845aa3a079ee90_file.pdf
    • http://www.momshuddle.com/upload/files/2022/06/zGM2I3bTBhhWg3UHDdmg_13_ac608948fbe0336fe3bee7cd4b939ec8_file.pdf
    • https://lear.orangeslash.com/advert/ampex-atr102-mastering-tape-recorder-plugin-link-crack/
    • http://www.emk-reutlingen.de/advert/hd-online-player-what-s-your-raashee-movie-download-k/
    • https://ipayif.com/upload/files/2022/06/lPK7dow51LAKU673Urfc_13_ac608948fbe0336fe3bee7cd4b939ec8_file.pdf
    • https://blackiconnect.com/upload/files/2022/06/xHCQ1ycS1MSM1EsxTTwy_13_edf4f52077893acbef758a0384781ac1_file.pdf
    • https://bikerhall.com/upload/files/2022/06/mvmkkITo2J2wop3sWhr8_13_edf4f52077893acbef758a0384781ac1_file.pdf
    • https://www.sertani.com/upload/files/2022/06/mdiRu6QQJtOkJVFcOBVO_13_964bb3a3b1e0e92a5cbb6c3bc0d9e4ff_file.pdf
    • https://richonline.club/upload/files/2022/06/EDLu1XaYjtSvyyKZGcUU_13_e6b18974aaddfcd2e93075ca2660d334_file.pdf
    • https://nysccommunity.com/advert/satyajit-ray-movies-720p-torrent/
    • https://beta.pinoysg.net/upload/files/2022/06/t6TQHwXgnU8vel9vN9aY_13_e0a1b89592ed258dc7845aa3a079ee90_file.pdf
    • https://kansabook.com/upload/files/2022/06/pRteVCL2SLLOusqu6yS7_13_58cd6059b57f5b34e4e0a58113180cad_file.pdf
    • https://strefanastolatka.pl/advert/obdwiz-professional-add-on-key/
    • https://www.probnation.com/upload/files/2022/06/QbLVNEeJ8DA65d6PNBuo_13_59db21361d3ef9d67e6e84f947bf107a_file.pdf
    • https://blaquecat.com/community/upload/files/2022/06/igBDdZgcEXOYoYzLTXSy_13_59db21361d3ef9d67e6e84f947bf107a_file.pdf
    • https://news.mtkenya.co.ke/advert/download-stellar-mbox-to-pst-converter-crack-16-new/
    • https://kosa.ug/advert/download-style-pack-5-proshow-link/
    • https://webystrings.com/advert/wilcomembroiderystudioe30vdownloadpc-verified/
    • https://lavecindad.club/upload/files/2022/06/FasJccHLLLE5TzQcuI4j_13_e6b18974aaddfcd2e93075ca2660d334_file.pdf
    • https://shapshare.com/upload/files/2022/06/YfG3D92uAfOICCmuT1t6_13_e0a1b89592ed258dc7845aa3a079ee90_file.pdf
    • http://www.tcpdf.org
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_002_off00000e8a.bin
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0xE8A
Size: 120140 bytes