Windows
Analysis Report
Invoice1-1706517.pdf
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 6772 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\olqdGAHTJO\Invoice1-1706517.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3712 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 3916 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1588,i,10350777957244938752,4534852645935009283,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
- AV Detection
- Phishing
- System Summary
- Hooking and other Techniques for Hiding and Protection
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Detection | Scanner | Label |
---|---|---|
11% | Virustotal | |
16% | ReversingLabs | Document-PDF.Trojan.ScamX |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.51.56.185 | unknown | United States | 4788 | TMNET-AS-APTMNetInternetServiceProviderMY | false |
3.219.243.226 | unknown | United States | 14618 | AMAZON-AESUS | false |
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1646900 |
Start date and time: | 2025-03-24 12:16:05 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Invoice1-1706517.pdf |
Detection: | MAL |
Classification: | mal52.winPDF@17/20@0/31 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.69.3
- Excluded domains from analysis (whitelisted): fs.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
Process | Category | Size (bytes) | Entropy (8bit) | Malicious | Reputation |
---|---|---|---|---|---|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 292 | 5.21467399881718 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 336 | 5.178879754621804 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 0 | 0.0 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 476 | 4.973362940811232 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 7504 | 5.24201942487674 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 324 | 5.22320503163001 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 82710 | 1.2272662388702138 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 86016 | 4.44493244761583 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 8720 | 3.7723706733050495 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 185099 | 5.182478651346149 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 0 | 0.0 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 4 | 0.8112781244591328 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 2145 | 5.067322220515658 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 12288 | 1.457578548105811 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 8720 | 1.9621837300963902 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 246 | 3.5146815864506182 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 16525 | 5.352085917943317 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 35721 | 5.407671064978233 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 386528 | 7.9736851559892425 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 1407294 | 7.97605879016224 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 758601 | 7.98639316555857 | false | unknown |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 1419751 | 7.976496077007677 | false | unknown |
Entropy (8bit): | 7.930185340136312 |
File name: | Invoice1-1706517.pdf |
File size: | 52'890 bytes |
MD5: | 5af5ee83faae160ffab3cd5c8cd28117 |
SHA1: | 40c1f5fa7e36d118aaf8b467f455eb1c6189eaf6 |
SHA256: | 53924aaf790a371a77f5fe5bc1c85ed924e4c26762eea55911845744692274a8 |
SHA512: | b3ccb22463c36126ac9ba60596bba193c5adf917b4712bbb37cdf47602aedbe2e76029f3fd595a4ef2469bb39f50420cc2545bbda1ccdf0a662047385a602972 |
SSDEEP: | 1536:oaZC54j2Aup+lgekiqCAltX3/MCgPnTn9dz:HZCSaAusSi+XvjETn9dz |
TLSH: | 973302ACA854DC8CDDE469B6204043CE42DF6C3B9FD617322ECBA3419E8930AB5D4DA4 |
File Content Preview: | %PDF-1.6.%.....2 0 obj.<<./Lang <FEFF0045004E002D00550053>./MarkInfo 4 0 R./Metadata 5 0 R./PageLayout /OneColumn./Pages 6 0 R./StructTreeRoot 7 0 R./Type /Catalog./AcroForm 8 0 R.>>.endobj.5 0 obj.<<./Subtype /XML./Type /Metadata./Filter /FlateDecode./Le |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.930185 |
Total Bytes: | 52890 |
Stream Entropy: | 7.929924 |
Stream Bytes: | 51800 |
Entropy outside Streams: | 5.203096 |
Bytes outside Streams: | 1090 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 9 |
endobj | 9 |
stream | 7 |
endstream | 7 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
ID | DHASH | MD5 | Preview |
---|---|---|---|
32 | 11313038394f3736 | 99a66323ff5e1bcbb778db6bfb3b60cf |