Malicious PDF — malware analysis report

Static analysis result for SHA-256 2d161171e01d9b69…

Verdict: MALICIOUS
File type: PDF
Size: 34.3 KB
Authoring application: Solid Converter PDF
MD5: 9e5f1ff98e94161d2e5ed188e3e8cbab
SHA-1: 69f7afbdada789495cef3b47e7d725e53c73742c
SHA-256: 2d161171e01d9b69ce6ce6e81d617cdf3479ad2d0a8869ff821dfa746fd0ece1
Risk score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on various domains. This is indicative of a link farm or SEO manipulation tactic, likely intended to direct users to malicious content or phishing pages. The ClamAV detection and the ML classifier verdict strongly support its malicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00002ce9.bin
SHA-256:  767d010034fdfb66339d05544618e1cb4a6d119aa04eaa50b81ec31f98381940
Kind:     pdf-font-stream
Source:   PDF embedded font (sfnt) at offset 0x2CE9
Size:     7388 bytes