Edit tour

Windows Analysis Report
pdf.exe

Overview

General Information

Sample name:	pdf.exe
Analysis ID:	1671073
MD5:	e5647457a637c2871b0fdb7a8f102390
SHA1:	e1ef7b1f8436b9b892e75c0d91b46fbca8b4469b
SHA256:	700da1548a48d9f0d22eb73686fd23d97af123a6b163aa1d1e7331d09ccb39dc
Infos:

Detection

Score:	1
Range:	0 - 100
Confidence:	80%

Signatures

PE file contains sections with non-standard names

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64_ra

pdf.exe (PID: 7124 cmdline: "C:\Users\user\Desktop\pdf.exe" MD5: E5647457A637C2871B0FDB7A8F102390)

conhost.exe (PID: 5080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

rundll32.exe (PID: 6864 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

cleanup

Joe Sandbox Signatures

• Compliance
• System Summary
• Data Obfuscation
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: pdf.exe

Static PE information: certificate valid

Source: pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: classification engine

Classification label: clean1.winEXE@3/0@0/0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5080:120:WilError_03

Source: pdf.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\pdf.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Users\user\Desktop\pdf.exe "C:\Users\user\Desktop\pdf.exe"
Source: C:\Users\user\Desktop\pdf.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: C:\Users\user\Desktop\pdf.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\pdf.exe	Section loaded: kernel.appcore.dll

Source: pdf.exe

Static PE information: certificate valid

Source: pdf.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: pdf.exe

Static file information: File size 19944808 > 1048576

Source: pdf.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x12da800

Source: pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: pdf.exe

Static PE information: section name: .fptable

Source: C:\Windows\System32\rundll32.exe

Process information set: NOOPENFILEERRORBOX

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Rundll32	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Domains and IPs

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1671073
Start date and time:	2025-04-22 15:41:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	pdf.exe
Detection:	CLEAN
Classification:	clean1.winEXE@3/0@0/0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Instruction
dec eax
sub esp, 28h
call 00007F021C7EA9E0h
dec eax
add esp, 28h
jmp 00007F021C7EA607h
int3
int3
dec eax
sub esp, 28h
call 00007F021C7EB040h
test eax, eax
je 00007F021C7EA7B3h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007F021C7EA797h
dec eax
cmp ecx, eax
je 00007F021C7EA7A6h
xor eax, eax
dec eax
cmpxchg dword ptr [00026080h], ecx
jne 00007F021C7EA780h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007F021C7EA789h
int3
int3
int3
dec eax
sub esp, 28h
test ecx, ecx
jne 00007F021C7EA799h
mov byte ptr [00026069h], 00000001h
call 00007F021C7EAD2Dh
call 00007F021C7EB414h
test al, al
jne 00007F021C7EA796h
xor al, al
jmp 00007F021C7EA7A6h
call 00007F021C7F2BF3h
test al, al
jne 00007F021C7EA79Bh
xor ecx, ecx
call 00007F021C7EB424h
jmp 00007F021C7EA77Ch
mov al, 01h
dec eax
add esp, 28h
ret
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [00026030h], 00000000h
mov ebx, ecx
jne 00007F021C7EA7F9h
cmp ecx, 01h
jnbe 00007F021C7EA7FCh
call 00007F021C7EAFB6h
test eax, eax
je 00007F021C7EA7BAh
test ebx, ebx
jne 00007F021C7EA7B6h
dec eax
lea ecx, dword ptr [0002601Ah]
call 00007F021C7F2A12h
test eax, eax
jne 00007F021C7EA7A2h
dec eax
lea ecx, dword ptr [00026022h]
call 00007F021C7EA802h

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2650c	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2c000	0x12da6d8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x29000	0x15f0	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x1302a00	0x2b68	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1307000	0x684	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x247f0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x246b0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1c000	0x2d8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1a1a0	0x1a200	992273f5f6530589566041de33773f4d	False	0.5821527362440191	data	6.509703907122392	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x1c000	0xae96	0xb000	598fbae0892d4a03c50a957995c00220	False	0.45902876420454547	data	5.025955919743026	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x27000	0x1c98	0xc00	dcb0ab652df90c60ceecaae8a1feccdb	False	0.15201822916666666	data	2.0616129128417735	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x29000	0x15f0	0x1600	cfbd06c0adde92703f5c57546aec5b75	False	0.49609375	data	5.172130976558013	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fptable	0x2b000	0x100	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2c000	0x12da6d8	0x12da800	1ce45dceaa42e8a2ef6f37a672275088	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1307000	0x684	0x800	3ef4a9794277f6df502732b16cf12391	False	0.51708984375	data	4.946034700685939	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
CUSTOMDATA	0x2c080	0x12da654	data	English	United States	0.9439239501953125

DLL	Import
KERNEL32.dll	FindResourceA, LoadResource, SizeofResource, GetModuleFileNameA, GetModuleHandleA, Sleep, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, WriteConsoleW, RtlUnwindEx, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, GetStdHandle, WriteFile, GetModuleFileNameW, GetCurrentProcess, ExitProcess, TerminateProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionEx, VirtualProtect, CompareStringW, LCMapStringW, GetFileType, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, CloseHandle, WaitForSingleObject, GetExitCodeProcess, CreateProcessW, GetFileAttributesExW, MultiByteToWideChar, DeleteFileW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetStringTypeW, GetProcessHeap, FlushFileBuffers, CreateFileW, ReadFile, ReadConsoleW, HeapSize, HeapReAlloc, SetEndOfFile

FindResourceA, LoadResource, SizeofResource, GetModuleFileNameA, GetModuleHandleA, Sleep, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, WriteConsoleW, RtlUnwindEx, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, GetStdHandle, WriteFile, GetModuleFileNameW, GetCurrentProcess, ExitProcess, TerminateProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionEx, VirtualProtect, CompareStringW, LCMapStringW, GetFileType, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, CloseHandle, WaitForSingleObject, GetExitCodeProcess, CreateProcessW, GetFileAttributesExW, MultiByteToWideChar, DeleteFileW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetStringTypeW, GetProcessHeap, FlushFileBuffers, CreateFileW, ReadFile, ReadConsoleW, HeapSize, HeapReAlloc, SetEndOfFile

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	7.998990838442033
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	pdf.exe
File size:	19'944'808 bytes
MD5:	e5647457a637c2871b0fdb7a8f102390
SHA1:	e1ef7b1f8436b9b892e75c0d91b46fbca8b4469b
SHA256:	700da1548a48d9f0d22eb73686fd23d97af123a6b163aa1d1e7331d09ccb39dc
SHA512:	0551e13b17fd89614418d70fea8dd8955838ee08ebaa1930e685ddc4902cb1f1ba951f42d2fce517f42bdd6021e5603fa1448dd6099a0b3fd2fe8c19968d474d
SSDEEP:	393216:HLAA0wHvIr+a4X9NAj40aht54cDADlzrXmXS2lPkoiFHlNI5vWR+l9hIW:HLD0w++DX9w4t54qAZzii2lPDi5d0BIW
TLSH:	861733F82EFF25F5E83A3B7ED5D98802D335346547A0059E67A0856383EB2931276B43
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,.T.M...M...M.......M.......M.......M.......M...M...M.......M.......M.......M...M...M..W.&..M..W....M..Rich.M.................

Entrypoint:	0x140001ac0
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67FFD3F7 [Wed Apr 16 15:59:51 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	49f622b3ccc8a58223b275ab12771134

Signature Valid:	true
Signature Issuer:	CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	16/04/2024 19:34:28 17/04/2025 19:34:28
Subject Chain	E=farhadikhlaq483@gmail.com, CN=IBRAHIM MANNAN LLC, O=IBRAHIM MANNAN LLC, STREET=7901 4Th St N Ste 15241, L=Saint Petersburg, S=Florida, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=L23000274215, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	DAC92FB1ACF7F566908D07FF1EC99CFF
Thumbprint SHA-1:	5AD122B091C21EB546DFD20086D266E0E8429ABF
Thumbprint SHA-256:	32C5B8DB1C4C99E96488E737EA6317EDC051BBCDE9DFE0DE6F944B5391468DC5
Serial:	36CCA0554D1130A8455DE146

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre


Icon Hash:	90cececece8e8eb0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report pdf.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Windows Analysis Report
pdf.exe