PDF malware analysis — malicious · 019f6592f1dc07e9

MALICIOUS

PDF

64.0 KB Created: 2021-03-16 22:32:03 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: 49120a26fed750a97a61328d276ea4cf SHA-1: af0d8509d3bd80c7ec462f21e1f9004f38eb5fc2 SHA-256: 019f6592f1dc07e9541276cfa52535ef36ddc9be792aebe268279078bee69211

154 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, many of which are generated for SEO purposes, suggesting a link farm or spamming operation. The primary URL, 'https://dugedepap.ru/award?keyword=arabian+nights+pdf+piano', is suspicious and likely leads to malicious content or phishing. ClamAV also detected this file as a phishing trojan.

Machine Learning

Nyx PDF Classifier malicious score 0.5526

Heuristics 4

Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://dugedepap.ru/award?keyword=arabian+nights+pdf+piano
- https://sawinabepetejex.weebly.com/uploads/1/3/4/7/134714359/vexasu.pdf
- https://nozagovedenide.weebly.com/uploads/1/3/2/6/132682533/jizexekox.pdf
- https://webunufilijamo.weebly.com/uploads/1/3/4/6/134677486/nakeligudufozafu.pdf
- http://masito.space/25855112805jmbsi.pdf
- http://mmuuue.space/diwowasikovojule2398u.pdf
- http://love-your-lips.online/diary_of_a_wimpy_kid_full_movie_2012m5jsg.pdf
- http://jaxagogilexet.sportsontheweb.net/jaxoxakuzilijuxesuziremak.pdf
- https://vafarisitoguv.weebly.com/uploads/1/3/0/8/130874489/zekizi.pdf
- https://nukoxola.weebly.com/uploads/1/3/1/3/131380146/wofeza.pdf
- http://pofuxubilet.sportsontheweb.net/divine_mercy_chaplet_chant.pdf
- http://rasezatoxefu.mygamesonline.org/38862708392.pdf
- https://79d86aa2-23c4-4aa0-a0dc-c16ac59ae55d.filesusr.com/ugd/ecb701_530dc398536741ef81135ef08d1fa532.pdf?index=true
- https://uploads.strikinglycdn.com/files/afbea0f6-2b9b-4536-ae86-3400a14215cd/samsung_bd_p1600.pdf
- https://uploads.strikinglycdn.com/files/95d67f8d-8840-4d58-bd4f-cbd74ec9f9c9/how_much_do_cortisone_injections_cost_in_ireland.pdf
- https://s3.amazonaws.com/jenisozazewubo/24699591320.pdf
- https://uploads.strikinglycdn.com/files/573297a3-646f-416b-980f-19389e5a74f6/43376802570.pdf
- https://144ece88-722e-4d59-a9d1-ae16887514c2.filesusr.com/ugd/48b17f_51e3a20f9bfd4e7994fc3f9461230d2f.pdf?index=true
- https://uploads.strikinglycdn.com/files/66b85933-344b-4d3a-8196-cf6cd09a0758/mastering_modern_calligraphy_by_molly_suber_thorpe.pdf
- https://d8d078ea-10ec-4787-8e21-ef6e32b87a24.filesusr.com/ugd/8f6098_fc21c0d35c074c14bf1a94d7a0746c65.pdf?index=true
- http://bejanifezilo.atwebpages.com/19731833495.pdf
- https://27420876-d215-4860-9a72-f48db0d0c320.filesusr.com/ugd/4062c2_0710b41419554b3d888300625e992537.pdf?index=true
- http://karokifewugasuz.onlinewebshop.net/68400048571.pdf
- https://s3.amazonaws.com/domegagowevag/carole_and_tuesday_loneliest_girl_piano_sheet.pdf
- https://s3.amazonaws.com/potamotaz/kofefutunirovu.pdf
- https://uploads.strikinglycdn.com/files/1d860d50-2091-419a-98c0-f91b6f680c4c/place_value_chart_thousands_hundreds_tens_ones.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.