Malicious PDF — malware analysis report

Static analysis result for SHA-256 19156841d32c8f1a…

MALICIOUS

PDF

Size: 379.4 KB
Created: 2022-04-15 12:57:07 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2026-06-22
MD5: d9fc7465d34c4606d56cd5ccdc3615dc
SHA-1: 6059022574d519dbb108e7c8c60d3463027ca088
SHA-256: 19156841d32c8f1a60086a0ff8929079ee3e4148b422a9a2e7229c2c2c2f77c1
Risk Score: 136

Machine Learning

  • Nyx PDF Classifier malicious score 0.5595

Heuristics 5

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINK
    PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://lazav.co.za/XSRYdR1H?utm_term=agenda+2030+pdf+onu PDF link annotation

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00057b93.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x57B93 | 16792 bytes
    SHA-256: 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1
font_01_sfnt_off000593a5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x593A5 | 19052 bytes
    SHA-256: 91bc4a088adecde36034a30ae0b657d991c303e5198a15027ccc8b127a714754
font_02_sfnt_off0005c47b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C47B | 10664 bytes
    SHA-256: a54d0e8705016dfa1ebdcad186d0b01cd3a5e01cb786b7d7e7b383f48ea3110e