Windows Analysis Report
101_Labs_Cisco_CCNA.pdf

Overview

General Information

Sample Name:	101_Labs_Cisco_CCNA.pdf
Analysis ID:	780196
MD5:	0c5f4b8c16d7e9f52b85f7bfac5e6bee
SHA1:	5ea2c0b17ff1d154904a7e1bff208705dd90edf3
SHA256:	36630349f85fa4eada1490d32ef4437bd463d71d67590bb1f69a65c0711b8c79
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: 101_Labs_Cisco_CCNA.pdf	String found in binary or memory: http://www.101labs.net/)
Source: 101_Labs_Cisco_CCNA.pdf	String found in binary or memory: http://www.101labs.net/resources)
Source: 101_Labs_Cisco_CCNA.pdf	String found in binary or memory: http://www.howtonetwork.com/)
Source: 101_Labs_Cisco_CCNA.pdf	String found in binary or memory: http://www.in60days.com/)
Source: 101_Labs_Cisco_CCNA.pdf	String found in binary or memory: http://www.mypage.com/)
Source: 101_Labs_Cisco_CCNA.pdf	String found in binary or memory: https://calibre-ebook.com
Source: 101_Labs_Cisco_CCNA.pdf	String found in binary or memory: https://www.101labs.net/)
Source: 101_Labs_Cisco_CCNA.pdf	String found in binary or memory: https://www.onworks.net/)

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx

Jump to behavior

Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: http://www.mypage.com/
Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: https://www.onworks.net/
Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: http://www.101labs.net/
Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: http://en.wikipedia.org/wiki/domain_name_system
Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: http://www.101labs.net/resources
Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: https://www.101labs.net/
Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: http://www.in60days.com/
Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: http://en.wikipedia.org/wiki/Domain_Name_System
Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: http://www.howtonetwork.com/

Source: classification engine

Classification label: clean0.winPDF@9/59@0/1

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\101_Labs_Cisco_CCNA.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: PDF keyword /JS count = 0
Source: 101_Labs_Cisco_CCNA.pdf	Initial sample: PDF keyword /JavaScript count = 0