Malicious PDF — malware analysis report

Static analysis result for SHA-256 246f57d75e6d5cea…

Verdict: MALICIOUS
File type: PDF
Size: 39.8 KB
Authoring application: PDFedit
First seen: 2021-01-11

MD5: ca7284c41f77e59df85fa277cbb569ec
SHA-1: 8237f3c4e35e1e77fb92ccdf61a6f6abeded42d5
SHA-256: 246f57d75e6d5cea31bbbbff90c7bbce908a64236cacf52f5925d6a5839df2e2

Risk score: 152

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://giwab.anal-teens.fun/uploads/2020/01/28/gobezarag-mevagapix-tulad.pdf (in PDF document text)
    • http://xotiwovek.pavlin-spb.ru/uploads/2020/01/28/xefopafopexaguvexe.pdf (in PDF document text)
    • http://fewifovuf.geo-leo.com/uploads/2020/01/28/54085b9809.pdf (in PDF document text)
    • http://quillesthon.com/uploads/1/3/0/3/130324386/wegerenido_zonelowefox_zuxolalori.pdf (in PDF document text)
    • http://strykertech.com/uploads/1/3/0/6/130604612/rofosowofijubepej.pdf (in PDF document text)
    • http://xxxsexy.fun/uploads/2020/01/28/zanalapemavixo.pdf (in PDF document text)
    • http://mirigos.tvori-shedevr.ru/uploads/2020/01/28/ffcf414.pdf (in PDF document text)
    • http://carolinastitchery.com/uploads/1/3/0/5/130550915/9747597.pdf (in PDF document text)
    • http://nandighee.com/uploads/1/3/0/5/130590592/govenorogomojul-losalor-kibejimeduzan.pdf (in PDF document text)
    • http://penu.tele-zvon.ru/uploads/2020/01/28/pewolutopor_dedoxawivu_puluxuzot_jegis.pdf (in PDF document text)
    • http://jltconstructionmt.com/uploads/1/3/0/4/130483856/130483856.html#transformations+reflection+rotation+translation+enlargement (in PDF document text)
    • http://linux.thai.net/projects/fonts-tlwg (in PDF document text)
    • http://www.thaitux.info (in PDF document text)
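The PDF_SEO_LINK_FARM and EMBEDDED_URL heuristics above boil down to three measurable properties: file size, how many distinct external links resolve to direct .pdf downloads, and how those links cluster by host, with each URL tagged by the channel it came from. The script below is an added illustration written for this page, not the analysis engine's own code. It extracts URLs from /URI link-annotation actions and from Flate-compressed content streams (object streams, other filters and encrypted files are deliberately out of scope), then applies the heuristic. The thresholds (64 KiB, at least 8 .pdf links, at least half of the external links pointing at .pdf files), the constructed one-page PDF and the example.com/.net/.org hosts are assumptions; the real sample's thresholds and hosts are not published in the report.

```python
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

# http(s) URLs. '(' ')' '<' '>' and whitespace are excluded because PDF
# literal strings are parenthesised, e.g. "(http://host/x.pdf) Tj".
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'*+,;=%-]+")
# A stream body; the lookbehind stops "endstream" from matching as "stream".
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)
# Link annotation action: /A << /S /URI /URI (http://...) >>
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def extract_urls(pdf: bytes) -> dict:
    """Map each URL to the first channel it was seen in:
    'link annotation' or 'document text' (content streams)."""
    found = {}
    for m in URI_RE.finditer(pdf):
        found.setdefault(m.group(1).decode("latin-1"), "link annotation")
    for m in STREAM_RE.finditer(pdf):
        body = m.group(1)
        # The stream dictionary sits between the enclosing "N 0 obj" and
        # the 'stream' keyword; inflate only when it names /FlateDecode.
        window = pdf[max(0, m.start() - 512):m.start()]
        window = window[max(window.rfind(b" obj"), 0):]
        if b"/FlateDecode" in window:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue  # corrupt or unsupported stream: skip, do not crash
        for u in URL_RE.findall(body):
            found.setdefault(u.decode("latin-1"), "document text")
    return found


def link_farm_stats(pdf: bytes, *, max_size=64 * 1024, min_pdf_links=8,
                    min_pdf_share=0.5) -> dict:
    """Flag a small file whose external links are mostly direct .pdf
    downloads. Thresholds are illustrative assumptions."""
    urls = extract_urls(pdf)
    external = [u for u in urls if urlsplit(u).hostname]
    pdf_links = [u for u in external
                 if urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    n = len(external)
    stats = {
        "size": len(pdf),
        "urls": urls,
        "external_links": n,
        "pdf_links": len(pdf_links),
        "top_host": top_host,
        "top_host_share": round(top_count / n, 2) if n else 0.0,
    }
    stats["link_farm"] = (len(pdf) <= max_size
                          and len(pdf_links) >= min_pdf_links
                          and len(pdf_links) / n >= min_pdf_share)
    return stats


def build_sample_pdf(text_urls, annot_url) -> bytes:
    """Constructed one-page PDF (not a real-world sample): URLs as text in a
    Flate-compressed content stream plus one link annotation."""
    content = b"BT /F1 10 Tf 20 700 Td 12 TL " + b" ".join(
        b"(%s) Tj T*" % u.encode() for u in text_urls) + b" ET"
    comp = zlib.compress(content)
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R "
        b"/Annots [5 0 R] >> endobj\n",
        b"4 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(comp),
        comp, b"\nendstream\nendobj\n",
        b"5 0 obj << /Type /Annot /Subtype /Link /Rect [20 20 200 30] "
        b"/A << /S /URI /URI (%s) >> >> endobj\n" % annot_url.encode(),
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


# Constructed inputs: nine .pdf links over three hosts plus one .html link.
FARM_TEXT_URLS = [
    "http://a.example.com/uploads/1.pdf", "http://a.example.com/uploads/2.pdf",
    "http://a.example.com/uploads/3.pdf", "http://a.example.com/uploads/4.pdf",
    "http://a.example.com/uploads/5.pdf", "http://b.example.net/uploads/6.pdf",
    "http://b.example.net/uploads/7.pdf", "http://c.example.org/uploads/8.pdf",
    "http://c.example.org/index.html",
]
FARM_ANNOT_URL = "http://a.example.com/uploads/9.pdf"
BENIGN_TEXT_URLS = ["http://www.example.org/about.html"]
BENIGN_ANNOT_URL = "http://www.example.org/"

if __name__ == "__main__":
    for label, text, annot in (("farm", FARM_TEXT_URLS, FARM_ANNOT_URL),
                               ("benign", BENIGN_TEXT_URLS, BENIGN_ANNOT_URL)):
        s = link_farm_stats(build_sample_pdf(text, annot))
        print(label, {k: v for k, v in s.items() if k != "urls"})
```

The per-URL channel label matters more than the URL itself, as the EMBEDDED_URL note says: a URL in a link annotation is one click away, while one that only appears in a font's metadata (the fonts-tlwg and thaitux.info entries look like that) is not a delivery path at all.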

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000012d5.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x12D5
  Size: 8088 bytes
  SHA-256: e9ea050af9c673769b3da97a26d0e48fd951a7ee85e181168fb675c1558c686f

Filename: font_01_sfnt_off00005174.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x5174
  Size: 10764 bytes
  SHA-256: 9dbefd29ad56edc3ec27c88540d7d41398a664ae3f1544cdca53ccca226c91b2
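Both artifacts are sfnt-packaged fonts carved at a byte offset with a size computed from the font itself. The carver below is an added example for this page, not the analysis pipeline's own code: it scans a buffer for the sfnt signatures (0x00010000 for TrueType outlines, OTTO for CFF, true for Apple TrueType), validates the table directory (sane table count, printable tags, tables that do not overlap the directory or run past the buffer) and takes the font's end as the furthest table end, which is exactly what gives a carved size like 8088 bytes rather than "to end of stream". The fake two-table font and the surrounding PDF-like bytes are constructed for the demo; a real pipeline would first inflate the /FontFile2 stream, since the bytes are normally Flate-compressed on disk.

```python
import hashlib
import struct

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true")
MAX_TABLES = 64  # real fonts have well under this many tables


def sfnt_length_at(buf: bytes, off: int):
    """Return the length of a valid sfnt starting at buf[off], else None."""
    if buf[off:off + 4] not in SFNT_MAGICS or off + 12 > len(buf):
        return None
    num_tables = struct.unpack_from(">H", buf, off + 4)[0]
    if not 1 <= num_tables <= MAX_TABLES:
        return None
    dir_len = 12 + 16 * num_tables
    if off + dir_len > len(buf):
        return None
    end = dir_len
    for i in range(num_tables):
        tag, _csum, toff, tlen = struct.unpack_from(">4sIII", buf, off + 12 + 16 * i)
        if not all(0x20 <= c < 0x7F for c in tag):     # tags are printable ASCII
            return None
        if toff < dir_len or off + toff + tlen > len(buf):  # overlaps dir / truncated
            return None
        end = max(end, toff + tlen)
    return end


def carve_sfnt_fonts(buf: bytes) -> list:
    """Find every validated sfnt in buf; report offset, size and SHA-256."""
    hits = []
    for magic in SFNT_MAGICS:
        pos = buf.find(magic)
        while pos != -1:
            length = sfnt_length_at(buf, pos)
            if length:
                data = buf[pos:pos + length]
                hits.append({"offset": pos, "size": length,
                             "sha256": hashlib.sha256(data).hexdigest()})
            pos = buf.find(magic, pos + 1)
    hits.sort(key=lambda h: h["offset"])
    for i, h in enumerate(hits):  # same naming scheme as the report's artifacts
        h["name"] = "font_%02d_sfnt_off%08x.bin" % (i, h["offset"])
    return hits


def build_fake_sfnt() -> bytes:
    """Constructed minimal TrueType container with 'head' and 'name' tables
    (bodies are filler; this is a structural sample, not a usable font)."""
    tables = [(b"head", b"\x00" * 54), (b"name", b"N" * 20)]
    num = len(tables)
    # searchRange/entrySelector/rangeShift per the sfnt spec for 2 tables
    header = b"\x00\x01\x00\x00" + struct.pack(">HHHH", num, 32, 1, 0)
    directory, bodies, off = b"", b"", 12 + 16 * num
    for tag, body in tables:
        directory += struct.pack(">4sIII", tag, 0, off, len(body))
        padded = body + b"\x00" * (-len(body) % 4)  # tables are 4-byte aligned
        bodies += padded
        off += len(padded)
    return header + directory + bodies


# Constructed carrier: PDF-ish text (with a decoy "true" that must not carve),
# then the font as an uncompressed stream body.
SAMPLE_PREFIX = (b"%PDF-1.4\n12 0 obj << /Length 120 /Subtype /TrueType >> "
                 b"% is this true)\nstream\n")
SAMPLE = SAMPLE_PREFIX + build_fake_sfnt() + b"\nendstream\nendobj\n"

if __name__ == "__main__":
    for h in carve_sfnt_fonts(SAMPLE):
        print("%(name)s at 0x%(offset)X, %(size)d bytes, sha256 %(sha256)s" % h)
```

The decoy "true)" in the prefix is rejected because the bytes after it decode to an absurd table count, and the 00 01 00 00 that the spec-mandated entrySelector/rangeShift pair produces inside the real header is rejected because what follows it is not a valid directory; signature hits alone are not fonts.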