Malicious PDF — malware analysis report

Static analysis result for SHA-256 074ed36ac3bb9a4a…

MALICIOUS

PDF

Size: 39.3 KB
Authoring application: ImageMagick
MD5: 39149b880ecf6d8ed7847db22ccf06d2
SHA-1: b8111406a003b49941faac3e7e3df1e9e0cc9340
SHA-256: 074ed36ac3bb9a4a3210cf148d0ec0326b648f638908d0c064143a8551923c3b
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to other PDF files hosted on various domains. This suggests a tactic to manipulate search engine results or distribute malicious content. The ClamAV detection as Pdf.Phishing.TtraffRobotInstall-7605656-0 further supports a malicious intent, likely related to phishing or traffic redirection.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00003ae9.bin
SHA-256: 659d688e2edad701de642dbcaf23645c1dd8dee27c26922248858d54561b5e87
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x3AE9
Size: 7544 bytes