analyzing-malicious-document-files[.]pdf

Sharing

Copy URL

Twitter E-mail

General

Target

analyzing-malicious-document-files.pdf
Size

218KB
MD5

7155f3f607cf253b532c850dd3d2791e
SHA1

22534554a093bfa853847e7f5fa6f126c57a0610
SHA256

bde3b102cd7ce540ee9838727f6aad628669f81c255d1a38bc72b0047eb33958
SHA512

fa2bbf5050caa8ec829ee827784557ea8c547d02a4fb186f8f09a99d1ffddf6a20817fa3b2577e76f39d9af472c6335b64ad8b4c2f335655a2287d5967950cd9
SSDEEP

6144:hEnKu4k9bvu6nphAR3gUDe3XyynysdtMDg6/RtLzUCZxY7Cr6926vXrX:OKu467dphe7KvysgDg6p5zUi569dX

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
pdf link

Processes:

resource yara_rule

sample pdf_with_link_action
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

resource	yara_rule
sample	pdf_with_link_action

Files

analyzing-malicious-document-files.pdf
.pdf
- https://www.sans.org/blog/srp-streams-in-ms-office-documents-reveal-earlier-versions-of-malicious-macros/
- https://videos.didierstevens.com/2014/08/14/zipdump-py/
- https://github.com/decalage2/oletools/wiki/olevba
- https://blog.didierstevens.com/programs/oledump-py/
- https://blog.didierstevens.com/2018/01/15/update-xmldump-py-version-0-0-2/
- https://github.com/decalage2/ViperMonkey
- https://github.com/outflanknl/EvilClippy
- https://github.com/nolze/msoffcrypto-tool
- https://github.com/bontchev/pcodedmp
- https://github.com/Big5-sec/pcode2code
- https://www.decalage.info/python/rtfobj
- https://blog.didierstevens.com/2016/08/02/rtfdump-update-and-videos/
- https://github.com/DissectMalware/XLMMacroDeobfuscator
- https://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
- https://blog.didierstevens.com/programs/pdf-tools/
- http://qpdf.sourceforge.net/
- https://blog.didierstevens.com/2014/09/29/update-xorsearch-with-shellcode-detector/
- http://sandsprite.com/blogs/index.php?uid=7&pid=152
- https://github.com/edygert/runsc
- https://blog.didierstevens.com/2017/07/02/update-base64dump-py-version-0-0-7/
- https://videos.didierstevens.com/2016/10/11/maldoc-numbers-to-string-py/
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
- https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cscript
- https://github.com/CapacitorSet/box-js
- https://gist.githubusercontent.com/mattifestation/e179218d88b5f100b0edecdec453d9be/raw/2329bda456b5b8e2f973cc5dc026b6fc221dad79/AMSIScriptContentRetrieval.ps1
- https://zeltser.com/automated-malware-analysis/
- https://remnux.org/
- http://zipdump.py
- http://oledump.py
- http://xmldump.py
- http://rtfobj.py
- http://rtfdump.py
- http://pdfid.py
- http://pdf-parser.py
- http://base64dump.py
- http://numbers-to-string.py
- http://AMSIScriptContentRetrieval.ps
- http://zeltser.com/cheat-sheets.
- Show all