Malicious PDF — malware analysis report

Static analysis result for SHA-256 26ccd120b44468e2…

MALICIOUS

PDF

Size: 75.5 KB
Created: 2021-03-20 04:24:31 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0cecbd611f2dfd261155d8c45d991178
SHA-1: e53258131bb27feb4b6e4505bba4bf8ec3854853
SHA-256: 26ccd120b44468e2ac878415e3506e44216809a838e06118ac719a975b8343dd
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics 5

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete (info, CLAMAV_SCAN_INCOMPLETE)
    ClamAV scan on this file did not complete (ClamAV error (exit 2)); the verdict reflects only static heuristics. The result is not cached so a later submission will retry the scan.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.