MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded external links, a technique often used for SEO poisoning or to redirect users to malicious websites. The heuristic 'PDF_SEO_LINK_FARM' specifically identified this behavior, indicating a likely attempt to drive traffic to a network of sites. No scripts were extracted from this sample, limiting further analysis of its specific payload delivery mechanism.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006ed7.bin c86811d05fea84f1a619d48db7f48783a44c23251b4274f920bd117e8385dc70 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6ED7 | 9788 bytes |