Malicious PDF — malware analysis report

Static analysis result for SHA-256 d569dfc958ac0b73…

MALICIOUS

PDF

127.3 KB Created: 2022-07-06 07:52:58 +00:00 Authoring application: croshors (via PDF Master 1.0.1) First seen: 2022-07-15
MD5: 21eef8861ad302d36dd20413c9cba1b0 SHA-1: 60d57e4630cc5eb2e0e21aa8fba79b2b33067445 SHA-256: d569dfc958ac0b7388fe1e98ebedd765efba15e89c4d84f940d3b48ee05ab2b9
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF document contains a large number of external links, many of which appear to be disguised as software downloads or cracks. The heuristic 'PDF_SEO_LINK_FARM' indicates a deliberate attempt to create a link farm, likely to direct users to malicious sites or to host further malware. The primary IOC is the first external URI found, which is a complex URL that may lead to a payload download.

Machine Learning

  • Nyx PDF Classifier clean score 0.0066

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://mydrugdir.com/attributed/correxion?ZG93bmxvYWR8SVg2WTI5NlpYeDhNVFkxTnpBMk56RTFOSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=VXMgcGF0ZW50IG5vcyA0NjAzIGRyaXZlciBkb3dubG9hZAVXM&austin=fusss.methylmercury&heliotropine=mistinguett
    • https://www.cameraitacina.com/en/system/files/webform/feedback/crack-aft-fathom-1001103-build-20180612-full-with-medicinebabupc.pdf
    • https://thelacypost.com/epubor-audible-converter-crack-with-license-key-free-extra-quality/
    • https://www.place-corner.com/three-kingdoms-legends-of-heroes-crack-activation-code-free/
    • https://voiccing.com/upload/files/2022/07/Rnbh6rtaOXuuUUrtiWOR_06_fadea998b49813ff29dd06e12ec16ec5_file.pdf
    • https://24hairnow.com/wp-content/uploads/2022/07/HyperDot_PC_Game_Free_Download.pdf
    • https://bitcointrading.se/?p=7875
    • http://beepublishing.nl/2022/07/06/bhool-bhulaiyaa-2007-720p-bluray-x264-ac3-51-esubs-download-fixhubmkv/
    • https://www.cameraitacina.com/en/system/files/webform/feedback/el-origen-de-la-vida-antonio-lazcano-pdf-download.pdf
    • https://www.ekifoods.com/wp-content/uploads/2022/07/List_Of_Games_That_Work_On_Cracked_Steam_High_Quality-1.pdf
    • https://www.kitteryme.gov/sites/g/files/vyhlif3316/f/uploads/appointment_application_for_town_boards_-_january_2021-_fillable.pdf
    • https://rebatecircle.com/wp-content/uploads/2022/07/subtitles_game_of_thrones_s03e07720p_hdtv_x2642hd.pdf
    • https://passaportebrasileirousa.com/stellar-phoenix-sql-database-repair-v8-15-10-verified-crack-full-version/
    • https://big-plate.de/2022/07/06/pengantar-ilmu-politik-miriam-budiardjo-pdf-download-upd/
    • https://cuteteddybearpuppies.com/2022/07/autodesk-autocad-2010-keygens-only-x-force-32-64bits-rh-download-link-pcbfdcm/
    • https://descargatelo.net/pc/cloud/komik-tinju-bintang-utara-pdf-download-exclusive/
    • http://www.aceportocolom.org/wp-content/uploads/2022/07/Adobe_Acrobat_XI_Pro_1101_Multilanguage_ChingLiu_Serial_Key.pdf
    • http://rbics.net/?p=3504
    • https://ideaboz.com/wp-content/uploads/2022/07/khrgal.pdf
    • https://www.warwicktownship.org/sites/g/files/vyhlif5151/f/u136/forge_the_future_2022_final_plan.pdf
    • https://www.cameraitacina.com/en/system/files/webform/feedback/cra
    • https://thelacypost.com/epubor-audible-converter-crack-with-license-
    • https://www.place-corner.com/three-kingdoms-legends-of-heroes-
    • https://voiccing.com/upload/files/2022/07/Rnbh6rtaOXuuUUrtiWOR_06
    • https://24hairnow.com/wp-
    • http://beepublishing.nl/2022/07/06/bhool-bhulaiyaa-2007-720p-bluray-
    • https://www.cameraitacina.com/en/system/files/webform/feedback/el-
    • https://www.ekifoods.com/wp-content/uploads/2022/07/List_Of_Games
    • https://www.kitteryme.gov/sites/g/files/vyhlif3316/f/uploads/appointme
    • https://rebatecircle.com/wp-content/uploads/2022/07/subtitles_game_
    • https://passaportebrasileirousa.com/stellar-phoenix-sql-database-
    • https://big-plate.de/2022/07/06/pengantar-ilmu-politik-miriam-
    • https://cuteteddybearpuppies.com/2022/07/autodesk-autocad-2010-ke
    • https://descargatelo.net/pc/cloud/komik-tinju-bintang-utara-pdf-
    • http://www.aceportocolom.org/wp-content/uploads/2022/07/Adobe_Acr
    • https://www.warwicktownship.org/sites/g/files/vyhlif5151/f/u136/forge_
    • https://emealjobs.nttdata.com/pt-pt/system/files/webform/ellihyr811.pdf
    • http://www.tcpdf.org
    • https://emealjobs.nttdata.com/pt-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.