Malicious PDF — malware analysis report

Static analysis result for SHA-256 04327936209efc38…

Verdict: MALICIOUS
File type: PDF
Size: 45.6 KB
Created: 2021-03-17 19:07:45 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-24
MD5: 5fc8191d5340fa9f2dfdaf0931dd8acf
SHA-1: c02497dbb2c062438f5371a3980cf86831302c41
SHA-256: 04327936209efc389d532fc919780c4fbd316a5e93a5c9299911bda758f48223
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8151

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.