Malicious PDF — malware analysis report

Static analysis result for SHA-256 17c30d2732a496d5…

Verdict: MALICIOUS
File type: PDF
Size: 64.0 KB
Created: 2021-04-06 05:09:08 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 9592a1d25e6a5c4461061592216efc56
SHA-1: 91f57a9f6e41c2b6f2118dd5f897587f451f8853
SHA-256: 17c30d2732a496d5ca5767b5eda4a1dfc6f759d876a4b1f25bb5e0412135198e
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file contains a large number of external links, many of which point to other PDF files, suggesting a link farm or SEO poisoning tactic. The primary external URL, 'https://jumiwimov.ru/award?keyword=seventh+day+adventist+church+heritage+manual+pdf', indicates a potential phishing or malware distribution lure. ClamAV detection and ML classification further support its malicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6428

Heuristics (4)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • PDF_URI (info): External URI
    PDF contains an external URL action
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Primary URL: https://jumiwimov.ru/award?keyword=seventh+day+adventist+church+heritage+manual+pdf