Malicious PDF — malware analysis report

Static analysis result for SHA-256 f48fff7e768fa84a…

Verdict: MALICIOUS
File type: PDF
Size: 122.2 KB
Created: 2022-07-08 07:13:53 +00:00
Authoring application: aleeiman (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: bfb6483ca3f8051e9f2767718a1fbf00
SHA-1: bfc64863a383402b6c1bbeab7e690310e3d46b91
SHA-256: f48fff7e768fa84a4b72bad4c4f7faa057a3bfa479d69efd126d7b30b3525271
Risk score: 64

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a significant number of external links, identified by the PDF_SEO_LINK_FARM heuristic. One of the embedded URLs, http://findinform.com/compunds/itinerant/flimsier/podolski/ZG93bmxvYWR8ODZpYW14a2MzeDhNVFkxTnpFNE5qazFOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/scholar/snowmobile.QnVpbGR3aW4gbWVkaWEgcGxheWVyIHVzYiBkZXZpY2UgZHJpdmVyQnV, is particularly noteworthy. The presence of a link farm suggests an attempt to manipulate search engine results or redirect users to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0156

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF_URI (info): External URI
    PDF contains an external URL action.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://findinform.com/compunds/itinerant/flimsier/podolski/ZG93bmxvYWR8ODZpYW14a2MzeDhNVFkxTnpFNE5qazFOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/scholar/snowmobile.QnVpbGR3aW4gbWVkaWEgcGxheWVyIHVzYiBkZXZpY2UgZHJpdmVyQnV
    • http://lovelymms.com/abaqus-6-11-crack-free-license-file/
    • https://streetbazaaronline.com/2022/07/08/ultra-fast-receipt-printer-tm200-driver-106-updated/
    • http://ifurnit.ir/2022/07/08/adrianocelentanotorrent/
    • https://www.riseupstar.com/upload/files/2022/07/xXr8jiWUVJYYFnkBzjYn_08_3ddc7f4e7196ce7476562aadd14dbc37_file.pdf
    • https://xtc-hair.com/bentley-stormcad-v8i-selectseries-2-08-11-02-75-link/
    • https://volektravel.com/wp-content/uploads/2022/07/yuanelon.pdf
    • https://cobblerlegends.com/wp-content/uploads/2022/07/Raspberry_Pi_Mpeg2_License_Generator_Crack.pdf
    • https://technospace.co.in/upload/files/2022/07/IiZIr7R3fZ2H7B6f6guL_08_eebed121b5f398ee84a0551ee046ec91_file.pdf
    • https://www.supaanasolutions.com/wp-content/uploads/2022/07/Dragon_Ball_GT_DUALAUDIO_480p_HEVC.pdf
    • http://www.interprys.it/patched-windows-7-ultimate-live-cd-2010-iso-408mb-best.html
    • https://asuperlist.com/wp-content/uploads/2022/07/Turbobit_Turbo_Access_Code_EXCLUSIVE.pdf
    • https://conbluetooth.net/city-navigator-europe-nt-2012-10-mapsource-download-verified-pc-2/
    • https://inobee.com/upload/files/2022/07/kOFUuno2lZCRFzYxXsVh_08_eebed121b5f398ee84a0551ee046ec91_file.pdf
    • https://www.palpodia.com/upload/files/2022/07/xUiwKJ2nCRhTtHXECm9l_08_f449c1232c71083d7b0a82361f7a86fb_file.pdf
    • https://www.recentstatus.com/upload/files/2022/07/YLp5BDstQYwinshyHlED_08_f449c1232c71083d7b0a82361f7a86fb_file.pdf
    • https://dornwell.pl/wp-content/uploads/2022/07/Flobo_Hard_Disk_Repair_41_Full_Crack_Idm_HOT.pdf
    • https://mimaachat.com/upload/files/2022/07/cCWEzIa47sp2qQXzWfo9_08_f449c1232c71083d7b0a82361f7a86fb_file.pdf
    • https://gogathr.live/upload/files/2022/07/qTmrNRX6y99lnVBkCwQ3_08_eebed121b5f398ee84a0551ee046ec91_file.pdf
    • https://www.riseupstar.com/upload/files/2022/07/xXr8jiWUVJYYFnkBzjYn_08_3ddc7f4e7196ce7476562aadd14d
    • https://technospace.co.in/upload/files/2022/07/IiZIr7R3fZ2H7B6f6guL_08_eebed121b5f398ee84a0551ee046ec
    • https://inobee.com/upload/files/2022/07/kOFUuno2lZCRFzYxXsVh_08_eebed121b5f398ee84a0551ee046ec91_fi
    • https://www.palpodia.com/upload/files/2022/07/xUiwKJ2nCRhTtHXECm9l_08_f449c1232c71083d7b0a82361f7a
    • https://www.recentstatus.com/upload/files/2022/07/YLp5BDstQYwinshyHlED_08_f449c1232c71083d7b0a82361
    • https://mimaachat.com/upload/files/2022/07/cCWEzIa47sp2qQXzWfo9_08_f449c1232c71083d7b0a82361f7a86
    • https://gogathr.live/upload/files/2022/07/qTmrNRX6y99lnVBkCwQ3_08_eebed121b5f398ee84a0551ee046ec91
    • https://londaturnier104vzh.wixsite.com/haybloganleu/post/mrtav-ladan-domaci-film-download-better
    • https://esgleamydelun.wixsite.com/sollafookachch/post/dum-laga-ke-haisha-movie-download-in-hindi-mp4-movies-updated
    • http://www.tcpdf.org
    • https://esgleamydelun.wixsite.com/sollafookachch/post/dum-laga-ke-haisha-movie-download-in-hindi-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/