Malicious PDF — malware analysis report

Static analysis result for SHA-256 cce6bcf865b695de…

MALICIOUS

PDF

Size: 117.6 KB
Created: 2022-07-02 15:45:31 +00:00
Authoring application: deldal (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: ce7ef7734398db022d1bff3c83219be0
SHA-1: d2a6fc57524e61ab7985a20985f32d62453a2b79
SHA-256: cce6bcf865b695de9a14abb7306418338eac2989f9b7e32c882af3a3dc524a47
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting an attempt to direct users to various external resources. One prominent URL, http://seachtop.com/beluga/..., appears to be a download lure. The presence of these links indicates a likely phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier clean score 0.0119

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://seachtop.com/beluga/ZG93bmxvYWR8QkI5TW1GNFozeDhNVFkxTmpjM01UZ3hPSHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk/mete/centenarians=/S2V5Z2VuIFhmb3JjZSBBZG9iZSBQcmVtaWVyZSBDYyBTeXN0ZW0S2V.experiencemartialarts