IOC Report
PDFixers.exe

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| PDFixers.exe | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\email-decode.min[1].js | HTML document, ASCII text, with very long lines (1238) | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\css2[1].css | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\VZF1B155.htm | HTML document, ASCII text, with very long lines (10298), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\C7S8M5VS\font[1].eot | Embedded OpenType (EOT), Nunito Sans 12pt Light family | dropped | |
| C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\user\Desktop\SumatraPDF.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Apr 19 14:53:08 2024, mtime=Fri Apr 19 14:53:08 2024, atime=Wed Oct 25 05:17:54 2023, length=16065496, window=hide | dropped | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| pixel.pdfixers.com | 104.21.11.17 | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 104.21.11.17 | pixel.pdfixers.com | United States | |
| 64.233.185.94 | unknown | United States | |
| 172.217.215.95 | unknown | United States | |