Behavioral task: behavioral1
Sample: 2ab90c672a87f64ea5fce85d5ed5761715d6ab8f1cd8e6d28a73bb9cefd35742.pdf
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 2ab90c672a87f64ea5fce85d5ed5761715d6ab8f1cd8e6d28a73bb9cefd35742.pdf
Resource: win10v2004-20231215-en
General
Target: 2ab90c672a87f64ea5fce85d5ed5761715d6ab8f1cd8e6d28a73bb9cefd35742
Size: 17.2MB
MD5: b98f2dbde8d21be3eba38a2a16fd9280
SHA1: 0abae3f1c6cf9f5e2f0f58e72f07ef76b95cb296
SHA256: 2ab90c672a87f64ea5fce85d5ed5761715d6ab8f1cd8e6d28a73bb9cefd35742
SHA512: 6b04e5b1c2cb2d00cbc999cd5dee66c6acd3bdc70dee680bf9f348d2f5b1c4ae70c02e5ce8b0e87fb47eb804a45b0e2c1005e88ed96b5c733fc2e206d1671404
SSDEEP: 196608:h6kEZlZ2MYTmBSV+cHY9f3a7cG5fdjPPNtlUlDXuNpehej+befFoOgVPu61dKwXW:kZlE+c37cG5lLNfUlzxh8fl4261dKN
Malware Config
Signatures
Files
-
2ab90c672a87f64ea5fce85d5ed5761715d6ab8f1cd8e6d28a73bb9cefd35742.pdf