PDF malware analysis — malicious · ef759afcae3202b8

MALICIOUS

PDF

115.7 KB Created: 2022-07-02 18:12:24 +00:00 Authoring application: malvwani (via PDF Master 1.0.1) First seen: 2022-07-15

MD5: 8003b1cc52115a099c94be59e003b6a0 SHA-1: ac9e5a8322c1c34c0af025c8857d9f2126b83de1 SHA-256: ef759afcae3202b82128f077c70da581f21f53dcb1aff1fb3bfd87b84e786ce1

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF document exhibits a critical heuristic for a link farm, containing numerous external URLs. One notable URL, http://find24hs.com/..., suggests a potential download or redirection to malicious content. The presence of many external links indicates a likely attempt to distribute malware or conduct phishing operations by directing users to compromised or malicious websites.

Machine Learning

Nyx PDF Classifier clean score 0.0231

Heuristics 3

Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://find24hs.com/aUNsb3VkIFJlbW92ZXIgMS4wLjIgQ3JhY2sgUGx1cyBBY3RpdmF0aW9uIENvZGUgRnVsbCBWZXJzaW9uIERvd25sb2FkaUN.marinovich/sicker.cardwatch.ZG93bmxvYWR8OHg4TmpOak5IeDhNVFkxTmpjM01UZ3hPSHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk/houseflies/itchier
- http://www.chandabags.com/3dmgame-football-manager-2015-v15-1-3-cracked-3dm-7z-link/
- https://www.ahaspora.com/wp-content/uploads/2022/07/kymfaty.pdf
- https://fitvending.cl/wp-content/uploads/2022/07/descargar_crack_para_colin_mcrae_dirt_2_pc.pdf
- https://community.thecityhubproject.com/upload/files/2022/07/vW16n2LpWVGGCykZrfxn_02_e6ff95df4118e096f3bffe3484c091ba_file.pdf
- https://www.hotels-valdys.fr/non-classe/parks-recreation-season-1-720p-torrent
- https://logocraticacademy.org/bet-on-soldier-download-setup-for-pc-exclusive/
- http://manpower.lk/?p=3216
- https://www.dpfremovalnottingham.com/wp-content/uploads/2022/07/laurman.pdf
- https://citizenrelocations.com/2022/07/mudbox-2009-en-32bit-with-crack-x-force-free.html
- https://www.dancesocksbcn.com/advert/neypayasam-short-story-in-malayalam-pdf-160/
- https://www.slas.lk/advert/power-designer-6-0-portable-rar/
- http://www.oscarspub.ca/wp-content/uploads/2022/07/interworx_control_panel_nulled_11.pdf
- https://ardancestudios.com/wp-content/uploads/2022/07/Gps_Igo_Amigo_84_Download_PORTABLE.pdf
- https://vv411.com/advert/hd-online-player-vipmarathi-movie-download-link-2015-deool/
- https://marketstory360.com/cuchoast/2022/07/Crackantiddosguardian20_EXCLUSIVE.pdf
- https://plugaki.com/upload/files/2022/07/Y68CrSyr3f24kKCPAXeo_02_e6ff95df4118e096f3bffe3484c091ba_file.pdf
- https://www.theblender.it/seinfeld-season-9-dvdrip-torrent-free-download/
- https://stitymlacriapinbes.wixsite.com/ephflatretpedd/post/windows-10-superlite-compact-gaming-edition-1909-19h2-x64-ghost-spectre-free
- https://skresha6n.wixsite.com/darconcforri/post/princess-lover-game-patch-english-rar-install
- http://www.tcpdf.org
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/mm/
- http://www.aiim.org/pdfa/ns/extension/
- http://www.aiim.org/pdfa/ns/schema#
- http://www.aiim.org/pdfa/ns/property#
- http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.