Malicious PDF — malware analysis report

Static analysis result for SHA-256 010d7986f36883c8…

MALICIOUS

PDF

Size: 75.3 KB
Created: 2021-04-02 05:16:20 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 1008f0f4addfa6c0972f053861e6da98
SHA-1: 8381b5df1ec2bb1581e59c8fde439cd3e451693b
SHA-256: 010d7986f36883c8676bf04a3294753c8c921137969507cdd28e54e768a60afb
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete (info, CLAMAV_SCAN_INCOMPLETE)
    ClamAV scan on this file did not complete (ClamAV error (exit 2)); the verdict reflects only static heuristics. The result is not cached so a later submission will retry the scan.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.