Malicious PDF — malware analysis report

Static analysis result for SHA-256 c0a74e3a3ff12a88…

MALICIOUS

PDF

Size: 123.6 KB
Created: 2022-07-05 02:07:04 +00:00
Authoring application: handmar (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 2aa302e73a33d73ef71e61cfbda7ee40
SHA-1: 36efcac197c48700449c293f07cb9231ecc00dc6
SHA-256: c0a74e3a3ff12a8834b45d68029e7cabae1f18176172963cbdf4b2ca31ef09f5
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or redirection tactic. One of the primary external URIs points to http://rocketcarrental.com/, which likely serves as a distribution point for malicious content. The document body is heavily obfuscated and does not provide direct clues to the user-facing lure.

Machine Learning

  • Nyx PDF Classifier clean score 0.0077

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://rocketcarrental.com/QWRvYmUgUGhvdG9zaG9wIENDIDIwMTggdmVyc2lvbiAxOQQWR/panellets/ecac.gelfand?absentees=lifemate..&ZG93bmxvYWR8d0k3TW1GNU4zeDhNVFkxTmprNE1UVXdOSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=lune