Malicious PDF — malware analysis report

Static analysis result for SHA-256 3d787b35a4f6449b…

MALICIOUS

PDF

Size: 33.8 KB
Authoring application: OpenOffice.org
First seen: 2021-01-23
MD5: 555ac6f9b3a7c8afe7040676dd95ca78
SHA-1: 5d672b57063fee7204cd3585176e2abfad8ab14c
SHA-256: 3d787b35a4f6449be9f6612598b6829737b56e404f801011e3f0acf8a42f2895
Risk Score: 152

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001310.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x1310
Size: 7900 bytes
SHA-256: 13dcd6b9f0b457f1dc4ce575e59742f97d4c63ed07593ae77d7628614ba65da3