Linux Analysis Report
sample-link.pdf

ID:	1523489
Product:	CloudBasic
Start time:	17:07:52
Start date:	01.10.2024
Sample:	sample-link.pdf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Architecture:	LINUX
MD5:	72dc5a929aa6b537e7b244313cd03940
SHA1:	06dff1e526b60ee381f6bad27b2386d58f552155
SHA256:	ba4827b1b4f0e5d650c464287f6d55b542296f0acb628fb5575aa97d13990ac1
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
/home/james/.cache/dconf/user	very short file (no magic)	93B885ADFE0DA089CDF634904FD59F71	5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F	6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
/home/james/.local/share/recently-used.xbel.IDNSU2	XML 1.0 document, ASCII text	E7C79D8D1F378F9AF969CF05A9A2A27E	CBA2CC800DE65F958BE1AF83CFCCAAE0B03C93D8	D7CDDF2A99230515030E8621433830844AD38C371746DC5B0609C2F6C0F3A508

Networking

Source: recently-used.xbel.IDNSU2.38.dr	String found in binary or memory: http://freedesktop.org
Source: sample-link.pdf	String found in binary or memory: http://www.antennahouse.com/purchase.htm)
Source: recently-used.xbel.IDNSU2.38.dr	String found in binary or memory: http://www.freedesktop.org/standards/desktop-bookmarks
Source: recently-used.xbel.IDNSU2.38.dr	String found in binary or memory: http://www.freedesktop.org/standards/shared-mime-info

System Summary

Source: recently-used.xbel.IDNSU2.38.dr

OLE indicator, VBA macros: true

Source: recently-used.xbel.IDNSU2.38.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: clean2.linPDF@0/2@0/0

Persistence and Installation Behavior

Source: /usr/bin/exo-open (PID: 4790)	Directory: /home/james/.Xauthority			Jump to behavior
Source: /usr/bin/exo-open (PID: 4790)	Directory: /home/james/.cache			Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4798)	Directory: /home/james/.Xauthority			Jump to behavior
Source: /usr/bin/evince (PID: 4816)	Directory: /home/james/.Xauthority			Jump to behavior
Source: /usr/bin/evince (PID: 4816)	Directory: /home/james/.Xauthority			Jump to behavior
Source: /usr/bin/evince (PID: 4816)	Directory: /home/james/.Xdefaults-ubuntu			Jump to behavior
Source: /usr/bin/evince (PID: 4816)	Directory: /home/james/.cache			Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4833)	Directory: /home/james/.Xauthority			Jump to behavior

Malware Analysis System Evasion

Source: /usr/bin/exo-open (PID: 4790)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4798)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/evince (PID: 4816)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4833)	Queries kernel information via 'uname':			Jump to behavior