ee0cad8a6789e63b3fabc260caed1e34b3a9f55e6c95bca9e751f4489851865c

Sharing

Copy URL Twitter E-mail

General

Target

ee0cad8a6789e63b3fabc260caed1e34b3a9f55e6c95bca9e751f4489851865c
Size

1.9MB
MD5

2d9c3e32e64cc02c61eb8db6393be659
SHA1

ca4a857702f8c56284241e39a6d361284cd28d08
SHA256

ee0cad8a6789e63b3fabc260caed1e34b3a9f55e6c95bca9e751f4489851865c
SHA512

9a6fcb0490b631a04b3fc81f799be1ec9e69f44cf1f6302eb72a55549b65b8566708c695b8e0e25176a6517552c6b80affb4185e37d8fb72a25707d1e382729e
SSDEEP

49152:do8pyvTozvv9bUmbb8f4pauvCpoibCBVNDGRkdkgr:O76n9bUmbb8fhpp9yaGkgr

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
sample	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

ee0cad8a6789e63b3fabc260caed1e34b3a9f55e6c95bca9e751f4489851865c
.pdf
- https://twitter.com/adbertram
- https://twitter.com/search?src=typd&q=%23psblogweek
- https://goo.gl/9zf897
- https://goo.gl/hM5J8M
- http://go.microsoft.com/fwlink/p/?linkid=289796
- https://technet.microsoft.com/en-us/library/hh847819.aspx
- https://goo.gl/CrpfsI
- https://goo.gl/LdXqFH
- https://twitter.com/wasserja
- https://goo.gl/3TbKrt
- http://go.microsoft.com/fwlink/p/?linkid=290491
- http://go.microsoft.com/fwlink/?LinkID=113217
- http://go.microsoft.com/fwlink/p/?linkid=293909
- https://msdn.microsoft.com/en-us/library/system.string.substring(v=vs.110).aspx
- https://infracloud.wordpress.com/2015/09/28/iis-log-parsing-using-powershell/
- http://regexlib.com/Search.aspx?k=iis&c=-1&m=-1&ps=20
- https://msdn.microsoft.com/en-us/library/system.diagnostics.overflowaction(v=vs.110).aspx
- https://msdn.microsoft.com/en-us/library/system.diagnostics.eventlog.minimumretentiondays(v=vs.110).aspx
- https://technet.microsoft.com/en-us/library/hh849682.aspx
- http://www.mcbsys.com/blog/2011/04/powershell-get-winevent-vs-get-eventlog
- https://msdn.microsoft.com/en-%20us/library/system.diagnostics.eventing.reader.eventlogrecord.aspx
- http://blogs.technet.com/b/heyscriptingguy/archive/2014/06/03/use-filterhashtable-to-filter-event-log-with-powershell.aspx
- https://www.microsoft.com/en-us/download/details.aspx?id=29265
- https://twitter.com/jeffhicks
- http://mrautomaton.com/2015/11/30/psblogweek-building-readable-text-log-files/
- https://twitter.com/driberif
- https://crshnbrn66.wordpress.com/2015/11/30/slicing-and-dicing-log-files/
- https://twitter.com/jaap_brasser
- http://www.jaapbrasser.com/psblogweek-powershell-logging-in-the-windows-event-log
- https://twitter.com/platta
- http://www.plattsoft.net/2015/12/03/reading-the-event-log-with-windows-powershell
- http://wp.me/p3Vtp3-Eu
- https://twitter.com/juneb_get_help
- https://gallery.technet.microsoft.com/scriptcenter/Write-Log-PowerShell-999c32d0
- https://msdn.microsoft.com/en-
- http://LogDemo.ps
- Show all