Report - lgarsx.pdf

PDF ZIP Format

ScreenShot

Info
Location map


Created	2023.08.04 09:24	Machine	s1_win7_x6403
Filename	lgarsx.pdf
Type	PDF document, version 1.4
AI Score	Not founds	Behavior Score	2.0
ZERO API	file : mailcious
VT API (file)
md5	466d18edebd09e5e05d36a6d15d27375
sha256	bb0795a8bdc34373f9694270e2d417f9cccb676b12cec1b9514732db378d029b
ssdeep	12288:ibyVNXG79oi/Gs+z2H9kK6XptE2Eof/fbIXTZB4bKy8AizR6zdIMXptE2DbIXFG6:ibUNW79oi/Gs+zxXRzuTi/izQzdIMXRM
imphash
impfuzzy

Network IP location

Signature (4cnts)

Level	Description
watch	Communicates with host for which no DNS query was performed
watch	One or more non-whitelisted processes were created
notice	Performs some HTTP requests
notice	Uses Windows utilities for basic Windows functionality

Rules (2cnts)

Level	Name	Description	Collection
notice	PDF_Format_Z	PDF Format	binaries (upload)
info	zip_file_format	ZIP file format	binaries (download)

Network (6cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip whois			23.74.15.25		clean
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip whois			23.74.15.25		clean
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip whois			23.74.15.43		clean
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip whois			23.74.15.43		clean
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip whois			23.74.15.25		clean
23.74.15.25 whois			23.74.15.25		clean

Suricata ids

Similarity measure (PE file only) - Checking for service failure