Summary | ZeroBOX

66890294103.pdf

PDF Suspicious Link PDF
Category FILE
Machine s1_win7_x6402
Started Oct. 27, 2021, 1:26 p.m.
Completed Oct. 27, 2021, 1:28 p.m.
Size 74.8KB
Type PDF document, version 1.4
MD5 fc78d2cdb494fd18e3b59dbf2b5ded11
SHA256 952fd8bd4e94ac7720787c56e3fbd6d34f2ec76605852d0dba9dc922aca4e1b7
CRC32 58F690C7
ssdeep 1536:CjvdLTNN/PhTbxEYZTy6VmugVZil77ztiQftdJp:kdH3pGey6VmuuZe7ztiQVl
Yara
  • PDF_Format_Z - PDF Format
  • PDF_Suspicious_Link_Z - PDF Suspicious Link

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1700
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6fa63000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
cmdline "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043
Lionic Trojan.PDF.Generic.O!c
CAT-QuickHeal PDF.Phishing.43094
Cyren PDF/Gerphish.J.gen!Camelot
Rising Trojan.Phishing/PDF!1.D4DE (CLASSIC)
DrWeb PDF.Phisher.197
McAfee-GW-Edition BehavesLike.PDF.Suspicious.lb
Ikarus Trojan.PDF.Phishing
Avira HTML/Malicious.PDF.Gen2
Microsoft Trojan:PDF/Phish!rfn
GData PDF.Trojan-Stealer.Phishing.E
Cynet Malicious (score: 99)
McAfee PDF/Phish-FAB!FC78D2CDB494
SentinelOne Static AI - Suspicious PDF
Fortinet PDF/Phishing.A!tr
Qihoo-360 ex_virus.pdf.phisher.t
parent_process acrord32.exe
martian_process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043