Malicious PDF — malware analysis report

Static analysis result for SHA-256 24066e66a34fe2f0…

Verdict: MALICIOUS
File type: PDF
Size: 41.9 KB
Authoring application: Adobe PDF Library 9.0
First seen: 2021-01-15
MD5: ac254e31eb8776989853fc6663c01f1f
SHA-1: 6ab0d226b4d4a28922fe94333fab33f32701ea65
SHA-256: 24066e66a34fe2f04c82f495cd26c957aa29d31cc1d377a3aad51c47d1ec4ca4
Risk score: 160

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (4)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern. In this sample the 19 extracted links (18 .pdf, one .html) sit on 19 distinct hosts but share one directory layout, /uploads/1/3/0/<digit>/<nine-digit id>/, so the clustering is on path template rather than on host.
  • Fake invoice / payment lure (low, SE_INVOICE_LURE)
    Document contains invoice or payment language paired with an action verb. On its own this is context only; it becomes meaningful when combined with link, macro, or attachment indicators.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://constructiondiaries.net/uploads/1/3/0/4/130483305/301e2eeee.pdf (in PDF document text)
    • http://www.healingtouchenergy.com/uploads/1/3/0/2/130270982/3074599.pdf (in PDF document text)
    • http://thesouthernscene.com.au/uploads/1/3/0/6/130622095/vevevatizopid.pdf (in PDF document text)
    • http://alcohol-counseling.net/uploads/1/3/0/4/130483765/749ac0063c1355.pdf (in PDF document text)
    • http://mossellsworth.com/uploads/1/3/0/2/130288775/lagobopoge_mupumezifa_barojel_nonomujibilena.pdf (in PDF document text)
    • http://webdisk.activistchannel.com/uploads/1/3/0/8/130874143/9036801.pdf (in PDF document text)
    • http://simpliwebdesign.tech/uploads/1/3/0/6/130605339/degutedijas_boxavelo.pdf (in PDF document text)
    • http://www.kindofclever.com/uploads/1/3/0/4/130490314/6359498.pdf (in PDF document text)
    • http://anxietydepressionbreakthrough.com/uploads/1/3/0/5/130588613/bf00e1e3edaf4.pdf (in PDF document text)
    • http://threeoakwinery.com/uploads/1/3/0/4/130483469/20fece5aadd.pdf (in PDF document text)
    • http://michael-montoya.com/uploads/1/3/0/3/130313555/fa6584af6.pdf (in PDF document text)
    • http://www.westshorewinebar.com/uploads/1/3/0/6/130621800/cd2d932a.pdf (in PDF document text)
    • http://teamsnark.com/uploads/1/3/0/7/130740003/ad67e876edb.pdf (in PDF document text)
    • http://drgnwear.club/uploads/1/3/0/4/130476203/5685531.pdf (in PDF document text)
    • http://altlyf.com/uploads/1/3/0/6/130639465/xuloluj_pudesoxofudi.pdf (in PDF document text)
    • http://miles-of-trees.org/uploads/1/3/0/2/130289224/9853938.pdf (in PDF document text)
    • http://awpcmarianna.com/uploads/1/3/0/4/130483546/1639766.pdf (in PDF document text)
    • http://ortigroupltd.com/uploads/1/3/0/8/130814914/wugewelis.pdf (in PDF document text)
    • http://cpanel.evylareau.com/uploads/1/3/0/6/130605292/130605292.html#rent+lease+agreement+format+in+tamil (in PDF document text)
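The following is an added example, not the scanner's own code, showing how the EMBEDDED_URL extraction and the PDF_SEO_LINK_FARM heuristic above can be reproduced: URLs are pulled from /URI link actions and from inflated FlateDecode content streams (each labelled with the channel that reached it), then the file is scored on size, number of external .pdf links, and how concentrated those links are. Because the links listed above sit on many hosts but share one directory layout, the example generalises the heuristic's "one host" clustering to also look at a digit-collapsed path template. The PDF, its .invalid hosts and all thresholds are constructed for the demonstration and are not taken from the sample.

```python
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# Constructed URLs (hypothetical .invalid hosts, not the sample's): 12 distinct hosts
# that all use the same /uploads/<digits>/... directory layout, plus one .html link.
PDF_URLS = [
    f"http://site-{i:02d}.invalid/uploads/1/3/0/{i % 9}/13{i:07d}/file{i}.pdf"
    for i in range(12)
]
HTML_URL = "http://cpanel.site-99.invalid/uploads/1/3/0/6/130000099/130000099.html#rent+lease"

URL_RE = re.compile(rb"https?://[^\s<>()\"'\\]+")
URI_ACTION_RE = re.compile(rb"/URI\s*\((https?://[^)\\]+)\)")
# String-level stream locator; a real parser would use /Length and handle \r\n endings.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)


def build_sample_pdf(text_urls, annot_urls):
    """Constructed minimal PDF: page text in a FlateDecode content stream, link
    annotations as plain /URI actions. No xref table is written; the string-level
    scanner below does not need one (a viewer would)."""
    content = b"BT /F1 10 Tf 20 750 Td 12 TL " + b" ".join(
        b"(" + u.encode() + b") Tj T*" for u in text_urls) + b" ET"
    packed = zlib.compress(content)
    annots = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(annot_urls)))
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [" + annots + b"] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed) + packed + b"\nendstream",
    ]
    for u in annot_urls:  # constructed URLs contain no '(' ')' or '\', so no escaping needed
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 10] /A << /S /URI /URI ("
                    + u.encode() + b") >> >>")
    body = b"".join(b"%d 0 obj\n" % (n + 1) + o + b"\nendobj\n" for n, o in enumerate(objs))
    return b"%PDF-1.4\n" + body + b"trailer\n<< /Root 1 0 R >>\n%EOF\n"


def inflate_streams(data):
    """Yield the decoded body of every FlateDecode stream; anything zlib rejects is skipped.
    Real files also use object streams, predictors and other filters; decode those too
    before scanning, or URLs inside them will be missed."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue


def extract_urls(data):
    """Map each URL to the channel it was reached through, like the report's per-URL labels.
    Page text is only caught when one string operator carries the whole URL; text split
    across Tj/TJ runs needs a real content-stream interpreter."""
    found = {}
    for m in URI_ACTION_RE.finditer(data):
        found.setdefault(m.group(1).decode("latin-1"), "link annotation")
    for m in URL_RE.finditer(data):
        found.setdefault(m.group(0).decode("latin-1"), "raw file bytes")
    for body in inflate_streams(data):
        for m in URL_RE.finditer(body):
            found.setdefault(m.group(0).decode("latin-1"), "PDF document text")
    return found


def path_template(url):
    """Directory part of the path with digit runs collapsed:
    /uploads/1/3/0/4/130483305/x.pdf -> /uploads/N/N/N/N/N"""
    return re.sub(r"\d+", "N", urlparse(url).path.rsplit("/", 1)[0])


def link_farm_verdict(data, max_size=100 * 1024, min_pdf_links=10, share=0.5):
    """PDF_SEO_LINK_FARM-style check: a small file with many external .pdf links that
    concentrate on one host or (the generalisation used here) on one path template.
    Thresholds are assumptions for the demo, not the scanner's."""
    urls = extract_urls(data)
    pdf_links = [u for u in urls if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    templates = Counter(path_template(u) for u in pdf_links)
    n = len(pdf_links)
    top_host = hosts.most_common(1)[0][1] / n if n else 0.0
    top_tmpl = templates.most_common(1)[0][1] / n if n else 0.0
    return {
        "size": len(data),
        "urls": len(urls),
        "pdf_links": n,
        "hosts": len(hosts),
        "top_host_share": top_host,
        "top_template_share": top_tmpl,
        "flagged": len(data) <= max_size and n >= min_pdf_links and max(top_host, top_tmpl) >= share,
    }


if __name__ == "__main__":
    pdf = build_sample_pdf(PDF_URLS[:6] + [HTML_URL], PDF_URLS[6:])
    for url, channel in extract_urls(pdf).items():
        print(f"{url}  ({channel})")
    print(link_farm_verdict(pdf))
```

Run against the constructed file, the verdict reports 12 .pdf links on 12 hosts with a top-host share of 1/12 but a top-template share of 1.0, which is the pattern the report's URL list shows; a two-link file built the same way is not flagged.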

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000046bb.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x46BB
Size: 7908 bytes
SHA-256: a36f18767eea98a39021d1ea76ee0124c76cf1d3f54a76a10d6d7416a7b12f9c
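The artifact above was carved from a raw file offset with a length that is not stated anywhere in the container, which means the carver derived it from the font itself. The following is an added example, not the analysis platform's code, of how that is done: scan for the sfnt magic values, read the table directory at each hit, reject candidates whose directory is implausible (the word "true" in a PDF dictionary hits the Apple TrueType magic, for instance), and compute the font's extent as the end of its furthest table, long-aligned. The output uses the same font_NN_sfnt_offXXXXXXXX.bin naming as the report. The font and the PDF fragment wrapping it are constructed here; the table payloads are zero-filled placeholders of the real tables' sizes, and the 64-table sanity bound is an assumption.

```python
import hashlib
import struct

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true")  # TrueType, CFF OpenType, Apple TrueType
MAX_TABLES = 64  # assumed sanity bound: real fonts carry a few dozen tables at most


def sfnt_length(data, off):
    """Length of an sfnt starting at off, derived from its table directory: the end of the
    furthest table, long-aligned. Returns None when the bytes at off are not a directory."""
    if off + 12 > len(data):
        return None
    num_tables = struct.unpack_from(">H", data, off + 4)[0]
    if not 1 <= num_tables <= MAX_TABLES:
        return None
    end = 0
    for i in range(num_tables):
        rec = off + 12 + 16 * i
        if rec + 16 > len(data):
            return None
        tag, _checksum, t_off, t_len = struct.unpack_from(">4sIII", data, rec)
        # tags are four printable ASCII bytes ('head', 'OS/2', 'cvt ')
        if not all(0x20 <= b < 0x7F for b in tag):
            return None
        if t_off < 12 + 16 * num_tables:  # a table cannot overlap the directory
            return None
        end = max(end, t_off + t_len)
    padded = end + (-end % 4)
    if off + padded <= len(data):
        return padded
    return end if off + end <= len(data) else None


def carve_sfnt_fonts(data):
    """Scan a container for sfnt headers, validate each candidate through its table
    directory, and return the carved fonts named the way the report names them."""
    fonts, pos = [], 0
    while True:
        hits = [i for i in (data.find(magic, pos) for magic in SFNT_MAGICS) if i != -1]
        if not hits:
            return fonts
        off = min(hits)
        length = sfnt_length(data, off)
        if length is None:  # false candidate, e.g. "true" inside a PDF dictionary
            pos = off + 1
            continue
        blob = data[off:off + length]
        fonts.append({
            "name": f"font_{len(fonts):02d}_sfnt_off{off:08x}.bin",
            "offset": off,
            "length": length,
            "sha256": hashlib.sha256(blob).hexdigest(),
        })
        pos = off + length


def build_sfnt(tables):
    """Constructed minimal sfnt (TrueType flavour): header, directory and long-aligned
    table data. Checksums are left at zero; the carver does not verify them."""
    num = len(tables)
    entry_selector = num.bit_length() - 1  # floor(log2(num))
    search_range = (1 << entry_selector) * 16
    range_shift = num * 16 - search_range
    header = SFNT_MAGICS[0] + struct.pack(">HHHH", num, search_range, entry_selector, range_shift)
    directory, body = b"", b""
    base = 12 + 16 * num
    for tag, payload in sorted(tables.items()):
        directory += struct.pack(">4sIII", tag, 0, base + len(body), len(payload))
        body += payload + b"\x00" * (-len(payload) % 4)
    return header + directory + body


# Constructed, zero-filled table payloads sized like the real head/hhea/maxp(0.5) tables.
SAMPLE_TABLES = {b"head": bytes(54), b"hhea": bytes(36), b"maxp": b"\x00\x00\x50\x00\x00\x00"}


def build_container(font):
    """Wrap the font in a constructed PDF fragment the way an uncompressed FontFile2
    stream would. The catalog deliberately contains the word 'true' so the scanner
    has a false candidate to reject. Returns the bytes and the font's offset."""
    prefix = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /MarkInfo << /Marked true >> >>\nendobj\n"
              + b"3 0 obj\n<< /Length %d /Length1 %d >>\nstream\n" % (len(font), len(font)))
    suffix = b"\nendstream\nendobj\ntrailer\n<< /Root 1 0 R >>\n%EOF\n"
    return prefix + font + suffix, len(prefix)


if __name__ == "__main__":
    data, _ = build_container(build_sfnt(SAMPLE_TABLES))
    for font in carve_sfnt_fonts(data):
        print(font)
```

The carved SHA-256 is what makes the artifact useful: the same embedded font recurring across otherwise different documents ties them to one generator, which is a stronger pivot than the document hash itself.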