Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6aa16779a84edc8…

MALICIOUS

PDF

115.0 KB Created: 2022-07-02 13:28:39 +02:00 Authoring application: ardviv (via PDF Master 1.0.1) First seen: 2022-07-15
MD5: 189aea0d3754e4a1ef45b3762908aac0 SHA-1: 1ce7196aa80ae01a9c593c1f34084153898e4ab8 SHA-256: b6aa16779a84edc8a567ef0be20533b44cfa811ccb35dc351ab178d539476431
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF document contains a large number of external links, identified as a link farm, which is a common technique for distributing malicious content or redirecting users to phishing sites. The primary URL, http://mydrugdir.com/..., appears to be a staging point for further malicious activity. The heuristic firings indicate a deliberate attempt to create a deceptive structure within the PDF.

Machine Learning

  • Nyx PDF Classifier clean score 0.0114

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://mydrugdir.com/ZG93bmxvYWR8SmE0Wld0dmQzeDhNVFkxTmpjeE1qTXdOWHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk/grabbing.normally/ilgauskas/penney/reacquire/strangler?TWF0YW5hIE1pU2hhbWF5aW0gKDIwMDMpTWF
    • http://rydbergaren.se/wp-content/uploads/2022/07/Car_Mechanic_Simulator_2014_Torent_Tpb_LINK.pdf
    • https://talkitter.com/upload/files/2022/07/2Yj8OxiUjbVBcHaI4dJQ_02_3b335e117bb81cdad2ec6aa2ed785322_file.pdf
    • https://coleccionohistorias.com/wp-content/uploads/2022/07/isabmar.pdf
    • https://www.lavozmagazine.com/advert/all-time-low-straight-to-dvd-full-install-concert-m4v/
    • https://secure-river-81444.herokuapp.com/jolyyess.pdf
    • https://nashvilleopportunity.com/someskunkfunkmidi-hot/
    • https://recreovirales.com/learn-programming-in-java-by-anshuman-sharma-pdf-115l-link/
    • https://lachouettepicerie.com/wp-content/uploads/2022/07/goldysi.pdf
    • https://serippy.com/dr-fone-10-3-2-crack-keygen-portable-2020/
    • https://discoverlosgatos.com/wp-content/uploads/2022/07/rexayah.pdf
    • http://robinzoniya.ru/?p=23380
    • https://brainbakerymag.com/hindi-movie-paap-tamil-dubbed-full-download-hot/
    • https://germanconcept.com/electricvlab-free-download-key-serial-number-top/
    • https://sissycrush.com/upload/files/2022/07/aq1L2a5Nrb7CLAxK9lRC_02_3b335e117bb81cdad2ec6aa2ed785322_file.pdf
    • https://wishfruits.com/wp-content/uploads/2022/07/gta_san_andreas_ptmg_edition_21_ps2_download.pdf
    • https://facethai.net/upload/files/2022/07/D6CFvfWzQwqj6SZjVtjA_02_b2e9b707f6622edbdcb0d1f4bb49d67b_file.pdf
    • http://thingsforfitness.com/rudraksh-full-patched-movie-in-hindi-download-3gp-movie/
    • https://hulpnaongeval.nl/wp-content/uploads/Football_Manager_2019_Touch__All_Players_Interested_torrent_Free_Full.pdf
    • https://cupcommunity.com/wp-content/uploads/2022/07/Sly_Cooper_Thieves_In_Time_Full_Movie_Download_In_Hindi_Hd_NEW.pdf
    • http://www.rixridy.com/?p=21491
    • http://www.tcpdf.org
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.