Malicious PDF — malware analysis report

Static analysis result for SHA-256 13b6b2a90e6cc56a…

MALICIOUS

PDF

Size: 30.3 KB
Created: 2020-05-24 02:57:30 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: e41204d9f9642883248a6fabf1e0c563
SHA-1: 1766fea088d75319466634e32187719dd6226cb4
SHA-256: 13b6b2a90e6cc56a9726dac582aa28d8d1cd4dcfd3998676542c57b83306ad6c
Risk score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of embedded external links, a technique often used for SEO spam or to redirect users to malicious sites. The ML classifier strongly indicated maliciousness, and the PDF_SEO_LINK_FARM heuristic identified a mass of external links. While no scripts were explicitly extracted, the presence of embedded URLs suggests an attempt to direct users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9913

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.