Malicious PDF — malware analysis report

Static analysis result for SHA-256 2799d7fd6d95fce9…

MALICIOUS

PDF

Size: 24.1 KB
Created: 2020-04-13 15:20:11 +03:00
Authoring application: wkhtmltopdf 0.12.1.4 (via Qt 4.8.6)
MD5: 0616c5799d1fb80e04ed867cd4f72ee1
SHA-1: 6000d19f2b733f14a622279b862fe4eaa2aea0dc
SHA-256: 2799d7fd6d95fce9ac972c59a375604b004d189efdf84ea650c3f4e2dbeab7f9
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to other PDF files. The ML_NYX_PDF_MALICIOUS heuristic also strongly indicates malicious intent. The primary function appears to be acting as a link farm, potentially for SEO manipulation or to distribute further malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9950

Heuristics 3

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.