Malicious PDF — malware analysis report

Static analysis result for SHA-256 ded86f2937307413…

MALICIOUS

PDF

Size: 130.5 KB
Created: 2022-07-05 04:27:21 +00:00
Authoring application: zevadema (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: c12d0f149a57c53791e7281d651b22d0
SHA-1: d58f1798e4304e4d0d37a7e9542c3d3c83ca838e
SHA-256: ded86f29373074132fb0f2e907e152f9a248468593f301bcc3776d77be864afb
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or redirection scheme. One of the primary external URIs points to a URL that appears to be a download link. The document body is heavily obfuscated and does not provide direct clues to the user-facing lure.

Machine Learning

  • Nyx PDF Classifier clean score 0.0073

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info, ID: PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.