55599-outbound.pdf
This report is generated from a file or URL submitted to this webservice on February 26th 2018 16:40:25 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v7.30 © Hybrid Analysis
Indicators
Not all malicious and suspicious indicators are displayed.
-
Suspicious Indicators 1
-
General
-
Found a potential E-Mail address in binary/memory
- details
- Pattern match: "treger@samuel.comto"
- source
- File/Memory
- relevance
- 3/10
-
-
Informative 6
-
General
-
Contains object with compressed stream data
- details
- Object ID 7 contains compressed stream data: No filters
- Object ID 12 contains compressed stream data: No filters
- Object ID 17 contains compressed stream data: No filters
- source
- Static Parser
- relevance
- 10/10
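The Static Parser indicator above names three stream objects and, for each, the declared filter chain; "No filters" means no /Filter entry was declared, so the stream body is stored as-is and a static scanner can read it without decoding. The Python below is an added example, not Falcon Sandbox code and not derived from the submitted file: it enumerates the indirect objects of a small PDF constructed inline, reports each stream's filters in the indicator's own wording, and decodes the unfiltered and FlateDecode cases so their contents can be searched. The object numbers, page text and the address user@example.com are all constructed; the regex approach is deliberately minimal and ignores /Length, cross-reference tables and object streams, which a production parser such as pdf-parser or pdfminer handles.

```python
"""Static stream walker for the "Contains object with compressed stream data" check.

Added example, not Falcon Sandbox code and not the submitted file. A small
PDF is constructed inline so the script runs offline; object numbers and
contents are invented.
"""
import re
import zlib

# Indirect objects: "<num> <gen> obj ... endobj". Deliberately simple: a real
# parser honours /Length instead of scanning for "endobj", and unpacks
# object streams (/ObjStm) and cross-reference streams, which this ignores.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/\w+)")
NAME_RE = re.compile(rb"/(\w+)")


def iter_objects(pdf):
    """Yield (object_id, body) for every indirect object in the file."""
    for m in OBJ_RE.finditer(pdf):
        yield int(m.group(1)), m.group(3)


def stream_filters(stream_dict):
    """Filter names declared in a stream dictionary, in application order; [] if none."""
    m = FILTER_RE.search(stream_dict)
    return [n.decode() for n in NAME_RE.findall(m.group(1))] if m else []


def decode_stream(raw, filters):
    """Apply the declared filters. Only the no-filter and FlateDecode cases are handled."""
    data = raw
    for f in filters:
        if f != "FlateDecode":
            raise ValueError("unsupported filter: " + f)
        data = zlib.decompress(data)
    return data


def walk_streams(pdf):
    """Map object_id -> (filters, decoded_body) for every object that carries a stream."""
    found = {}
    for obj_id, body in iter_objects(pdf):
        m = STREAM_RE.search(body)
        if not m:
            continue
        # The dictionary precedes the "stream" keyword; search only that part for
        # /Filter so a stray "/Filter" inside the stream bytes cannot mislead the check.
        filters = stream_filters(body.split(b"stream", 1)[0])
        found[obj_id] = (filters, decode_stream(m.group(1), filters))
    return found


def report(pdf):
    """One line per stream object, in the indicator's own wording."""
    lines = []
    for obj_id, (filters, _) in sorted(walk_streams(pdf).items()):
        desc = " -> ".join(filters) if filters else "No filters"
        lines.append(f"Object ID {obj_id} contains stream data: {desc}")
    return lines


def build_sample_pdf():
    """Constructed three-object PDF: one unfiltered stream, one FlateDecode stream, one plain object."""
    plain = b"BT /F1 12 Tf (constructed page text) Tj ET"
    packed = zlib.compress(b"<</Type /EmbeddedFile>> constructed payload, contact user@example.com")
    return b"".join([
        b"%PDF-1.4\n",
        b"7 0 obj\n<</Length %d>>\nstream\n" % len(plain), plain, b"\nendstream\nendobj\n",
        b"12 0 obj\n<</Length %d /Filter /FlateDecode>>\nstream\n" % len(packed), packed,
        b"\nendstream\nendobj\n",
        b"17 0 obj\n<</Type /Catalog /Pages 1 0 R>>\nendobj\n",
        b"%%EOF\n",
    ])


if __name__ == "__main__":
    sample = build_sample_pdf()
    for line in report(sample):
        print(line)
    for obj_id, (_, data) in walk_streams(sample).items():
        print(obj_id, data[:60])
```

Run against a real document, the same walk is the point at which a string search (e-mail addresses, URLs, /JS or /EmbeddedFile keys) should be applied to the decoded bodies rather than to the raw file, since anything behind a FlateDecode filter is invisible to a byte-level scan.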
-
Creates mutants
- details
- "\Sessions\1\BaseNamedObjects\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEJHCFJJGILOAAAAA"
- "Local\c:!users!vlhbi3b!appdata!roaming!microsoft!windows!cookies!"
- "{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEJHCFJJGILOAAAAA"
- "Local\WininetProxyRegistryMutex"
- "Local\c:!users!vlhbi3b!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
- "Local\_!MSFTHISTORY!_"
- "Local\WininetConnectionMutex"
- "Local\c:!users!vlhbi3b!appdata!local!microsoft!windows!history!history.ie5!"
- "Local\Acrobat Instance Mutex"
- "Local\WininetStartupMutex"
- "DBWinMutex"
- "\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208"
- "\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
- "\Sessions\1\BaseNamedObjects\DBWinMutex"
- "\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
- "\Sessions\1\BaseNamedObjects\Local\c:!users!vlhbi3b!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
- "\Sessions\1\BaseNamedObjects\Local\c:!users!vlhbi3b!appdata!roaming!microsoft!windows!cookies!"
- "\Sessions\1\BaseNamedObjects\Local\c:!users!vlhbi3b!appdata!local!microsoft!windows!history!history.ie5!"
- "\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
- "\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
- source
- Created Mutant
- relevance
- 3/10
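The twenty mutant names above are fewer distinct objects than they look: most appear once as the process named them ("Local\..." or the bare name) and once by full object-manager path under \Sessions\1\BaseNamedObjects\, which is the same session-local directory. The Python below is an added example, not part of the report: it normalises the names, collapses the duplicates, and subtracts an assumed baseline of names that the host process and the WinINet/Internet Explorer components it loads are expected to create, leaving the objects that still need attribution. The baseline is an assumption made for illustration, not a Hybrid Analysis allowlist; the names themselves are copied from the report.

```python
"""Mutant (mutex) triage for the "Creates mutants" indicator.

Added example, not Falcon Sandbox code. The names below are copied from the
report; the baseline of expected names is an assumption made here for
illustration.
"""
import re

# Full object-manager paths look like \Sessions\<n>\BaseNamedObjects\<name>;
# the process itself used either the bare name or Local\<name>, which resolves
# to the same session-local directory.
SESSION_PREFIX = re.compile(r"^\\Sessions\\\d+\\BaseNamedObjects\\", re.IGNORECASE)

# Assumed baseline (not a Hybrid Analysis list): name prefixes expected when
# AcroRd32.exe opens a document and pulls in WinINet/Internet Explorer state.
BASELINE_PREFIXES = (
    "wininet",                 # WininetStartupMutex, WininetConnectionMutex, WininetProxyRegistryMutex
    "c:!users!",               # WinINet cache, cookie and history directory locks
    "_!msfthistory!_",         # WinINet history index
    "iesqmmutex_",             # Internet Explorer SQM
    "acrobat instance mutex",  # the host process itself
    "dbwinmutex",              # OutputDebugString synchronisation
)

REPORTED_MUTANTS = [
    r"\Sessions\1\BaseNamedObjects\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEJHCFJJGILOAAAAA",
    r"Local\c:!users!vlhbi3b!appdata!roaming!microsoft!windows!cookies!",
    r"{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEJHCFJJGILOAAAAA",
    r"Local\WininetProxyRegistryMutex",
    r"Local\c:!users!vlhbi3b!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
    r"Local\_!MSFTHISTORY!_",
    r"Local\WininetConnectionMutex",
    r"Local\c:!users!vlhbi3b!appdata!local!microsoft!windows!history!history.ie5!",
    r"Local\Acrobat Instance Mutex",
    r"Local\WininetStartupMutex",
    r"DBWinMutex",
    r"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208",
    r"\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex",
    r"\Sessions\1\BaseNamedObjects\DBWinMutex",
    r"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_",
    r"\Sessions\1\BaseNamedObjects\Local\c:!users!vlhbi3b!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
    r"\Sessions\1\BaseNamedObjects\Local\c:!users!vlhbi3b!appdata!roaming!microsoft!windows!cookies!",
    r"\Sessions\1\BaseNamedObjects\Local\c:!users!vlhbi3b!appdata!local!microsoft!windows!history!history.ie5!",
    r"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex",
    r"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex",
]


def normalise(name):
    """Reduce every spelling of a session-local object to its bare name."""
    name = SESSION_PREFIX.sub("", name)
    if name.lower().startswith("local\\"):
        name = name[len("Local\\"):]
    return name


def is_baseline(name):
    return name.lower().startswith(BASELINE_PREFIXES)


def triage_mutants(names):
    """Return (distinct, baseline, unknown): normalised names, the expected ones, and the rest."""
    distinct = {normalise(n) for n in names}
    baseline = {n for n in distinct if is_baseline(n)}
    return distinct, baseline, distinct - baseline


if __name__ == "__main__":
    distinct, baseline, unknown = triage_mutants(REPORTED_MUTANTS)
    print(f"{len(REPORTED_MUTANTS)} reported, {len(distinct)} distinct, {len(baseline)} in baseline")
    for n in sorted(unknown):
        print("needs attribution:", n)
```

On the report's list this leaves one name outside the assumed baseline, the {C15730E2-...}-once-flag... object; whether it belongs to Reader, to a Windows component, or to the document is exactly the question a baseline run of the same Reader build on a clean document answers.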
-
Scanning for window names
- details
- "AcroRd32.exe" searching for class "AdobeAcrobat"
- "AcroRd32.exe" searching for class "Shell_TrayWnd"
- "AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
- "AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
- "AcroRd32.exe" searching for window "_AcroAppTimer"
- "AcroRd32.exe" searching for class "Acrobat Instance Window Class"
- "AcroRd32.exe" searching for class "ACROSEMAPHORE_R11"
- "AcroRd32.exe" searching for class "JFWUI2"
- source
- API Call
- relevance
- 10/10
-
-
Installation/Persistence
-
Dropped files
- details
- "A9R58BB.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
- "A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" has type "data"
- "A9R58B7.tmp" has type "data"
- "A9R58B8.tmp" has type "data"
- "A9R58BA.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
- "A9R58B6.tmp" has type "data"
- "AdobeFnt14.lst.3768" has type "PostScript document text"
- "A9R58BC.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
- "A9R58BE.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
- "A9R58B5.tmp" has type "data"
- "48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" has type "data"
- "aaa03852" has type "PDF document version 1.6"
- "A9R58BD.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
- source
- Binary File
- relevance
- 3/10
-
Found a string that may be used as part of an injection method
- details
- "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source
- File/Memory
- relevance
- 4/10
-
-
Network Related
-
Found potential URL in binary/memory
- details
- Heuristic match: "HEAD /edgedl/release2/Hcq1Yqsih2A/57.0.2987.133_56.0.2924.87_chrome_updater.exe HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityUser-Agent: Microsoft BITS/7.5X-Old-UID: cnt=0X-Last-HR: 0x80042194X-Last-HTTP-Status-Code: 404"
- Heuristic match: "y^(7kmHs;.za"
- source
- File/Memory
- relevance
- 10/10
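Both File/Memory indicators on this page, the e-mail candidate "treger@samuel.comto" under Suspicious Indicators and the two URL candidates here, come from pattern matching over process memory, and both show signs of over-matching: the e-mail candidate ends in ".comto", so the pattern appears to have run past the end of an address into adjacent text, and "y^(7kmHs;.za" is a run of printable bytes that merely ends in a two-letter suffix. The first URL match is not a URL at all but an HTTP request line with its headers run together; the Microsoft BITS/7.5 user agent, the chrome_updater.exe path and the recorded 404 suggest a Chrome updater download by the guest's own BITS service rather than activity of the document, which is consistent with the Network Analysis section below recording no DNS requests, hosts or HTTP traffic for the sample. The Python below is an added example, not Hybrid Analysis code: it runs loose matchers of the scanner's kind beside stricter ones (DNS-label syntax, a small TLD allowlist, a boundary after the TLD, and a request-line parser) over a constructed list that contains the report's matches plus two control strings. The TLD allowlist is deliberately small and is an assumption.

```python
"""Loose versus strict string heuristics for the File/Memory indicators.

Added example, not Hybrid Analysis code. MEMORY_STRINGS is a constructed
list: three entries are the report's own matches, the rest are controls.
The TLD list is a small, deliberately incomplete assumption.
"""
import re

# Loose matchers of the kind a memory scanner uses: high recall, low precision.
LOOSE_EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
LOOSE_HOST = re.compile(r"[!-~]+\.[a-z]{2,6}")   # any printable run ending in a TLD-like suffix

# Stricter matchers: DNS labels only, a known TLD, and a boundary after it so
# the match cannot run on into adjacent text.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
STRICT_EMAIL = re.compile(rf"(?<![\w.+-])[\w.+-]+@(?:{LABEL}\.)+[A-Za-z]{{2,24}}(?![A-Za-z0-9-])")
STRICT_HOST = re.compile(rf"(?<![A-Za-z0-9.-])(?:{LABEL}\.)+[A-Za-z]{{2,24}}(?![A-Za-z0-9-])")
HTTP_REQUEST = re.compile(r"\b(GET|HEAD|POST|PUT) (/[!-~]*) HTTP/1\.[01]")
TLDS = {"com", "net", "org", "edu", "gov", "uk", "de", "ru", "za", "io", "info", "biz"}  # assumed subset

MEMORY_STRINGS = [
    "treger@samuel.comto",                       # report: e-mail match, relevance 3/10
    "y^(7kmHs;.za",                              # report: URL match, relevance 10/10
    "HEAD /edgedl/release2/Hcq1Yqsih2A/57.0.2987.133_56.0.2924.87_chrome_updater.exe HTTP/1.1"
    "Connection: Keep-AliveAccept: */*Accept-Encoding: identityUser-Agent: Microsoft BITS/7.5"
    "X-Old-UID: cnt=0X-Last-HR: 0x80042194X-Last-HTTP-Status-Code: 404",   # report: URL match
    "mailto:ops@example.org",                    # constructed control
    "see https://www.example.net/update for details",  # constructed control
]


def _tld_ok(candidate):
    return candidate.rsplit(".", 1)[1].lower() in TLDS


def strict_emails(s):
    return [m.group(0) for m in STRICT_EMAIL.finditer(s) if _tld_ok(m.group(0))]


def strict_hosts(s):
    return [m.group(0) for m in STRICT_HOST.finditer(s) if _tld_ok(m.group(0))]


def triage(strings):
    """One row per string: what the loose patterns claim, what survives the strict
    checks, and the request line when the string is an HTTP request, not a URL."""
    rows = []
    for s in strings:
        req = HTTP_REQUEST.search(s)
        rows.append({
            "string": s,
            "loose_email": LOOSE_EMAIL.findall(s),
            "strict_email": strict_emails(s),
            "loose_host": LOOSE_HOST.findall(s),
            "strict_host": strict_hosts(s),
            "http_request": (req.group(1), req.group(2)) if req else None,
        })
    return rows


if __name__ == "__main__":
    for row in triage(MEMORY_STRINGS):
        kept = row["strict_email"] or row["strict_host"] or row["http_request"]
        verdict = "keep" if kept else "loose match only"
        print(f"{verdict:17} {row['string'][:60]!r}")
```

Under these rules the two report strings survive only as loose matches, the BITS string is classified as a request line with its method and path extracted, and the two controls pass the strict checks, which is the separation an analyst wants before any of these values are promoted to indicators.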
-
File Details
55599-outbound.pdf
- Filename
- 55599-outbound.pdf
- Size
- 3.9MiB (4066391 bytes)
- Type
- Description
- PDF document, version 1.4
- Document pages
- 3
- Architecture
- WINDOWS
- SHA256
- faedf9b987bb8e792433163f2576ba057c08e0083c34bdbd806f86f4ac032209
- MD5
- 4f1fe3da0decb229a5468fdf7528290c
- SHA1
- d724aff8d2e08cf9b4a3884599139046578e7227
Classification (TrID)
- 100.0% (.PDF) Adobe Portable Document Format
Hybrid Analysis
Analysed 1 process in total (System Resource Monitor).
- AcroRd32.exe "C:\faedf9b987bb8e792433163f2576ba057c08e0083c34bdbd806f86f4ac032209.pdf" (PID: 3768)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
Displaying 13 extracted file(s). The remaining 1 file(s) are available in the full version and XML/JSON reports.
-
Informative 13
-
AdobeFnt14.lst.3768
- Size
- 8.1KiB (8244 bytes)
- Type
- text
- Description
- PostScript document text
- Runtime Process
- AcroRd32.exe (PID: 3768)
- MD5
- eadae9dc454e710e757b1dc756eb31f5
- SHA1
- 1a7a561e6df920d26a9624190e76711ddb74dc79
- SHA256
- b40cca694e17770f427a44c7760ec7f557e0330f9eb864a15204d6c114c288a3
-
A9R58B5.tmp
- Size
- 2B (2 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3768)
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
A9R58B6.tmp
- Size
- 2B (2 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3768)
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
A9R58B7.tmp
- Size
- 2B (2 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3768)
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
A9R58B8.tmp
- Size
- 2B (2 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3768)
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
A9R58BA.tmp
- Size
- 45KiB (46135 bytes)
- Type
- java compressed jar
- Description
- Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- Runtime Process
- AcroRd32.exe (PID: 3768)
- MD5
- 7de4a2e866ed8aefb829cf5e04db261a
- SHA1
- 38a68fded15d2c8950a6b0d855492e5b4ce7ed95
- SHA256
- 70bdea097b02d2cba9f5363f9e986cc5ba57267999374c303a248d01000d713b
-
A9R58BB.tmp
- Size
- 41KiB (41629 bytes)
- Type
- java compressed jar
- Description
- Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- MD5
- 2270aa3192da68562fdb1e4c468b13df
- SHA1
- 0efdaae1163af1ac0c61c6e5f92714cdbb03e41a
- SHA256
- 5c74fec27dec1d0fe65987b22d85ba7953e118b34ed48ad59a8000e4d3d4f975
-
A9B8213768ADC68AF64FCC6409E8BE414726687F.crl
- Size
- 37KiB (37738 bytes)
- Type
- data
- MD5
- eb3e7c0d28537e2662c1bc2795b26eb9
- SHA1
- 3bfbc57934740c491eaeeeb3a6dcd7ff295912b3
- SHA256
- 37174acf10a8a6b39cc7afb4ef77689001acf0b420c760d12739e667569e4fbe
-
A9R58BC.tmp
- Size
- 38KiB (38445 bytes)
- Type
- java compressed jar
- Description
- Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- MD5
- c2be4c74c4d98eac6140acb383f77d0b
- SHA1
- a54e90b58dd2463d913142d4d7ec1d038f249c55
- SHA256
- d1e10ebe9f745f12c7b29f0a7ca27c576c0ba1e37fdcc19563e822c6692a1d68
-
A9R58BE.tmp
- Size
- 35KiB (35731 bytes)
- Type
- java compressed jar
- Description
- Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- MD5
- 60fb8491aa4b141264152614c765d450
- SHA1
- c33105a5d6bda4f09bfcd774ade9a62e77e131ee
- SHA256
- 3184ca2a7ef723d242309f3770e6f60ac57e436ee3eb2b434112d0df848e5c60
-
48B76449F3D5FEFA1133AA805E420F0FCA643651.crl
- Size
- 1KiB (1073 bytes)
- Type
- data
- MD5
- cbb08ba4ff75a8e56e1d1d8f5f7733e2
- SHA1
- cd88afd55a8232ca96638e63393ca290e173b4c2
- SHA256
- 2f8e5075d1ed7322b95c00cda2ff7502acfdfa1471eedb0eb5e89fb32d44d9e3
-
aaa03852
- Size
- 3MiB (3169863 bytes)
- Type
- Description
- PDF document, version 1.6
- MD5
- 31fd034a3a58063101cb93d2f5ec2a3b
- SHA1
- da10d545af59993950a11214fcf59a477f6714a1
- SHA256
- 3992bbea889ec59ac0b9d0f3bbcfa9e323fc40b2ecfefd971b06e0ee05e2a0ae
-
A9R58BD.tmp
- Size
- 80KiB (81944 bytes)
- Type
- java compressed jar
- Description
- Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- MD5
- 39c9b484f43d03a05d306bc7bcc16654
- SHA1
- 1cb992eaff6228116e55b858f2ed825b09f2f50b
- SHA256
- fa5fdebe80ec0ce7dc40738b4fd46a9e9b36eca6a810c523ee6ef3fd40b4179e
-