File depubuvu.pdf

Size 392.3KB
Type PDF document, version 1.4, 2 pages
MD5 2db36a262274bb48f4920c97dbd96d2e
SHA1 2f830805e62b6547b9f4e2ce4920367ea37f674e
SHA256 53e5adfb0de8419ce31910a76564cf1eecd9c2944e49667439f86299e4a2f126
SHA512 f4ab2b1eec55b4b8adac6ed0f395e0110d4a5dd9950754fbdc6ac65778301561bc0f029e2ba8b3b12fc924c3a2dc7fed6f7a9b258212132a832d5e1e2bf6d991
CRC32 EBACCF1F
ssdeep None
Yara
  • invalid_trailer_structure - (no description)
  • multiple_versions - Written very generically and doesn't hold any weight - just something that might be useful to know about to help show incremental updates to the file being analyzed

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.



Information on Execution

Analysis
Category: FILE
Started: Dec. 15, 2024, 6 p.m.
Completed: Dec. 15, 2024, 6:02 p.m.
Duration: 131 seconds
Routing: internet
Logs: Analyzer Log, Cuckoo Log

Analyzer Log

2024-12-15 16:57:16,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpmdfut4
2024-12-15 16:57:16,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\tifnhHYdDKUoFgLvvpF
2024-12-15 16:57:16,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\TXuHinRzWkHkhCIswfvtbHirw
2024-12-15 16:57:16,405 [analyzer] DEBUG: Started auxiliary module Curtain
2024-12-15 16:57:16,405 [analyzer] DEBUG: Started auxiliary module DbgView
2024-12-15 16:57:16,890 [analyzer] DEBUG: Started auxiliary module Disguise
2024-12-15 16:57:17,092 [analyzer] DEBUG: Loaded monitor into process with pid 504
2024-12-15 16:57:17,092 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2024-12-15 16:57:17,092 [analyzer] DEBUG: Started auxiliary module Human
2024-12-15 16:57:17,092 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2024-12-15 16:57:17,108 [analyzer] DEBUG: Started auxiliary module Reboot
2024-12-15 16:57:17,233 [analyzer] DEBUG: Started auxiliary module RecentFiles
2024-12-15 16:57:17,233 [analyzer] DEBUG: Started auxiliary module Screenshots
2024-12-15 16:57:17,233 [analyzer] DEBUG: Started auxiliary module Sysmon
2024-12-15 16:57:17,233 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2024-12-15 16:57:17,375 [lib.api.process] INFO: Successfully executed process from path 'C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe' with arguments [u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\depubuvu.pdf'] and pid 1244
2024-12-15 16:57:17,546 [analyzer] DEBUG: Loaded monitor into process with pid 1244
2024-12-15 16:57:19,265 [analyzer] INFO: Added new file to list with pid 1244 and path C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
2024-12-15 16:57:19,515 [analyzer] INFO: Added new file to list with pid 1244 and path C:\Users\Administrator\AppData\Local\Adobe\Color\Profiles\wscRGB.icc
2024-12-15 16:57:19,530 [analyzer] INFO: Added new file to list with pid 1244 and path C:\Users\Administrator\AppData\Local\Adobe\Color\Profiles\wsRGB.icc
2024-12-15 16:57:19,546 [analyzer] INFO: Added new file to list with pid 1244 and path C:\Users\Administrator\AppData\Local\Adobe\Color\ACECache10.lst
2024-12-15 16:57:22,171 [analyzer] INFO: Added new file to list with pid 1244 and path C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
2024-12-15 16:57:22,187 [analyzer] INFO: Added new file to list with pid 1244 and path C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
2024-12-15 17:01:52,994 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2024-12-15 17:01:53,401 [analyzer] INFO: Terminating remaining processes before shutdown.
2024-12-15 17:01:53,401 [lib.api.process] INFO: Successfully terminated process with pid 1244.
2024-12-15 17:01:53,417 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\roaming\\adobe\\acrobat\\9.0\\shareddataevents-journal' does not exist, skip.
2024-12-15 17:01:53,433 [analyzer] INFO: Analysis completed.

Cuckoo Log

2024-12-15 18:00:37,391 [cuckoo.core.scheduler] INFO: Task #5661989: acquired machine win7x644 (label=win7x644)
2024-12-15 18:00:37,392 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.204 for task #5661989
2024-12-15 18:00:37,572 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 200170 (interface=vboxnet0, host=192.168.168.204)
2024-12-15 18:00:37,622 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x644
2024-12-15 18:00:38,046 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x644 to vmcloak
2024-12-15 18:01:15,029 [cuckoo.core.guest] INFO: Starting analysis #5661989 on guest (id=win7x644, ip=192.168.168.204)
2024-12-15 18:01:16,033 [cuckoo.core.guest] DEBUG: win7x644: not ready yet
2024-12-15 18:01:21,061 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x644, ip=192.168.168.204)
2024-12-15 18:01:21,145 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x644, ip=192.168.168.204, monitor=latest, size=6660546)
2024-12-15 18:01:22,608 [cuckoo.core.resultserver] DEBUG: Task #5661989: live log analysis.log initialized.
2024-12-15 18:01:23,647 [cuckoo.core.resultserver] DEBUG: Task #5661989 is sending a BSON stream
2024-12-15 18:01:24,100 [cuckoo.core.resultserver] DEBUG: Task #5661989 is sending a BSON stream
2024-12-15 18:01:25,001 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'shots/0001.jpg'
2024-12-15 18:01:25,023 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 133527
2024-12-15 18:01:26,116 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'shots/0002.jpg'
2024-12-15 18:01:26,132 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 125367
2024-12-15 18:01:27,209 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'shots/0003.jpg'
2024-12-15 18:01:27,213 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 41993
2024-12-15 18:01:34,492 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'shots/0004.jpg'
2024-12-15 18:01:34,498 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 40316
2024-12-15 18:01:37,182 [cuckoo.core.guest] DEBUG: win7x644: analysis #5661989 still processing
2024-12-15 18:01:52,309 [cuckoo.core.guest] DEBUG: win7x644: analysis #5661989 still processing
2024-12-15 18:01:53,256 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'curtain/1734278513.24.curtain.log'
2024-12-15 18:01:53,259 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 36
2024-12-15 18:01:53,407 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'sysmon/1734278513.4.sysmon.xml'
2024-12-15 18:01:53,451 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'files/5bf668b5fb437a24_wscrgb.icc'
2024-12-15 18:01:53,454 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 66208
2024-12-15 18:01:53,457 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'files/7567edd93ced0b2a_wsrgb.icc'
2024-12-15 18:01:53,469 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 2676
2024-12-15 18:01:53,471 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'files/8f08086289e09798_acecache10.lst'
2024-12-15 18:01:53,475 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 1946
2024-12-15 18:01:53,476 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'files/4ccf1d12eb2bb92b_shareddataevents'
2024-12-15 18:01:53,481 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 3072
2024-12-15 18:01:53,484 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'files/2cbbfbe12768f624_usercache.bin'
2024-12-15 18:01:53,486 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 69063
2024-12-15 18:01:53,504 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 1015324
2024-12-15 18:01:54,211 [cuckoo.core.resultserver] DEBUG: Task #5661989: File upload for 'shots/0005.jpg'
2024-12-15 18:01:54,223 [cuckoo.core.resultserver] DEBUG: Task #5661989 uploaded file length: 133525
2024-12-15 18:01:54,237 [cuckoo.core.resultserver] DEBUG: Task #5661989 had connection reset for <Context for LOG>
2024-12-15 18:01:55,330 [cuckoo.core.guest] INFO: win7x644: analysis completed successfully
2024-12-15 18:01:55,340 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-12-15 18:01:55,371 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-12-15 18:01:55,964 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x644 to path /srv/cuckoo/cwd/storage/analyses/5661989/memory.dmp
2024-12-15 18:01:55,966 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x644
2024-12-15 18:02:48,816 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.204 for task #5661989
2024-12-15 18:02:49,150 [cuckoo.core.scheduler] DEBUG: Released database task #5661989
2024-12-15 18:02:49,191 [cuckoo.core.scheduler] INFO: Task #5661989: analysis procedure completed

Signatures

Yara rules detected for file (2 events)
description (no description) rule invalid_trailer_structure
description Written very generically and doesn't hold any weight - just something that might be useful to know about to help show incremental updates to the file being analyzed rule multiple_versions
File has been identified by 9 AntiVirus engines on IRMA as malicious (9 events)
G Data Antivirus (Windows) Virus: PDF.Spam.Heur.12 (Engine A)
Avast Core Security (Linux) PDF:PhishingX-gen [Phish]
F-Secure Antivirus (Linux) Malware.HTML/Malicious.PDF.Gen2 [Aquarius]
Forticlient (Linux) PDF/Phishing.A!tr
eScan Antivirus (Linux) PDF.Spam.Heur.12(DB)
ESET Security (Windows) PDF/Phishing.A.Gen trojan
DrWeb Antivirus (Linux) PDF.Phisher.9999
Bitdefender Antivirus (Linux) PDF.Spam.Heur.12
Emsisoft Commandline Scanner (Windows) PDF.Spam.Heur.12 (B)
File has been identified by 12 AntiVirus engines on VirusTotal as malicious (12 events)
Sangfor Malware.Generic-HTML.Save.ma33
Cyren URL/Phish.AIP.gen!Eldorado
ESET-NOD32 PDF/Phishing.A.Gen
Avast PDF:PhishingX-gen [Phish]
Cynet Malicious (score: 99)
F-Secure Malware.HTML/Malicious.PDF.Gen2
McAfee-GW-Edition BehavesLike.PDF.Suspicious.fb
Avira HTML/Malicious.PDF.Gen2
Google Detected
AhnLab-V3 Phishing/PDF.Malurl.XG51
Fortinet PDF/PhishingX.gen!tr
AVG PDF:PhishingX-gen [Phish]
Screenshots
Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action / VT / Location): No hosts contacted.