Malicious PDF — malware analysis report

Static analysis result for SHA-256 dfbce9ac92cc73b7…

Verdict: MALICIOUS
File type: PDF
Size: 115.1 KB
Created: 2022-07-08 05:51:52 +00:00
Authoring application: notles (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 677bd2a04497d5e77bc6f06217710700
SHA-1: f1a54c62df2b2fd52743386de752052565927567
SHA-256: dfbce9ac92cc73b79dc7b038dad362cd1dafa2481fc26acf6f96c81dc9c8bab0
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell
  • T1204.002 Malicious Link

The PDF file contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links likely serve to redirect users to malicious websites or to host further malicious content. The PDF_URI heuristic also points to a specific suspicious URL, suggesting a download or redirection attempt. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0187

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF_URI (info): External URI
    PDF contains an external URL action.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://lehmanbrotherbankruptcy.com/angels/gauss/U3dlZGlzaCBEcml2aW5nIExpY2Vuc2UgQm9vayBQZGYgLS0U3d/cassettes.ZG93bmxvYWR8dUEzYUcxdmNIeDhNVFkxTnpFNE5qazFOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/incidence.pnisbet/safm
    • http://chat.xumk.cn/upload/files/2022/07/l4TrFI9OnIftrFVfIqDB_08_f82bc78c170979471cb1557a4303a8a0_file.pdf
    • https://piamet.com/wp-content/uploads/2022/07/Download_Muhammad_Nabina_Arabic_Naat_Mp3l.pdf
    • https://plumive.com/upload/files/2022/07/dSlTedx8wKE2OWzSTMVI_08_a974a6b2360b01ba23b63a1cc966031b_file.pdf
    • https://vivegeek.com/wp-content/uploads/2022/07/Examples_Of_Good_And_Bad_Essay_Introductions.pdf
    • https://www.essexma.org/sites/g/files/vyhlif4406/f/uploads/050222_atm_warrant.pdf
    • http://beliketheheadland.com/wp-content/uploads/2022/07/talnik.pdf
    • http://www.giffa.ru/who/activarabbyyfinereader11work-keygen/
    • https://blogdelamaison.com/wp-content/uploads/2022/07/CandydollTV__Laura_B__Sets_130_36_TOP.pdf
    • https://promwad.com/sites/default/files/webform/tasks/webcammax-7132-multilanguage-crack.pdf
    • http://dummydoodoo.com/?p=21473
    • https://www.riseupstar.com/upload/files/2022/07/q26hEFrfG2eMctQkFjdt_08_a974a6b2360b01ba23b63a1cc966031b_file.pdf
    • https://www.vsv7.com/upload/files/2022/07/PTxuHF3WjuYQiMEJxFSm_08_a974a6b2360b01ba23b63a1cc966031b_file.pdf
    • http://www.male-blog.com/wp-content/uploads/2022/07/Nelkon_And_Parker_Advanced_Level_Physics_Pdf_229.pdf
    • https://telegramtoplist.com/pavlovvrdownloadfullversion-better/
    • https://coutureforthebride.com/wp-content/uploads/2022/07/jamambr.pdf
    • https://blackbusinessdirectories.com/wp-content/uploads/2022/07/nikfer.pdf
    • http://kathebeaver.com/?p=3428
    • http://imeanclub.com/?p=79423
    • https://queery.org/wp-content/uploads/2022/07/Honeywell_Unisim_Design_Suite_R390_1zip.pdf
    • https://www.desu.edu/system/files/webform/2531/le-marketing-pour-les-nuls-pdf-gratuit.pdf
    The remaining entries are the TCPDF generator URL and standard XMP/PDF/A metadata namespace URIs, which PDF producers embed in document metadata by default.
    • http://www.tcpdf.org
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/