Malicious PDF — malware analysis report

Static analysis result for SHA-256 3d8166b25a40723a…

MALICIOUS

PDF

Size: 57.2 KB
Created: 2021-03-23 01:21:07 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 7ca70b2dd16829b3cdfb7f7c3f793f91
SHA-1: c1afa0d939bc5d87e6b953269d806079901075d3
SHA-256: 3d8166b25a40723a309f1cc87567b2005d3dd392d1d2d8583ceffd26f99211e1
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, many of which point to potentially malicious domains, as flagged by the PDF_SEO_LINK_FARM and PDF_URI heuristics. The ClamAV signature match (Pdf.Phishing.Trojan) and the ML classifier score (0.6420) support the malicious verdict. The embedded URLs indicate an attempt to redirect users to phishing or malware-hosting sites, likely as part of a spearphishing campaign. Two further observations fit that picture: the producer string (wkhtmltopdf, an HTML-to-PDF converter) is consistent with an automatically generated carrier document rather than a hand-authored one, and several of the extracted URLs sit on free site-builder or free-hosting subdomains (for example weebly.com, strikinglycdn.com, epizy.com, rf.gd), which is typical of disposable redirect chains.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6420

Heuristics (4)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    A small PDF contains many clickable external links to other PDFs, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, not the citation pattern of a normal document.
  • ClamAV detection [critical] CLAMAV_DETECTION
    ClamAV matched the file against signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
  • External URI [info] PDF_URI
    The PDF contains at least one external URL action (/URI).
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JavaScript, link annotation, document body, ...) reached each URL.
    • https://midufefew.ru/award?keyword=stein+shakarchi+functional+analysis+pdf
    • https://cdn.sqhk.co/nuxezitowefi/jbghwhe/android_tv_box_os_for_pc.pdf
    • https://sozusodugalonus.weebly.com/uploads/1/3/4/6/134614171/newurexi.pdf
    • http://bititoxoguxal.22web.org/management_theories_in_nursing_ppt.pdf
    • https://cdn.sqhk.co/wipedekis/jgAhbhd/princess_makeup_salon_play_now.pdf
    • https://cdn.sqhk.co/tatudawo/n6Kiiig/kiwuw.pdf
    • https://cdn-cms.f-static.net/uploads/4392877/normal_5fe9160471945.pdf
    • https://nasuxixogidipan.weebly.com/uploads/1/3/4/7/134701521/lujilesadifixule.pdf
    • https://cdn-cms.f-static.net/uploads/4374703/normal_60105d674d5f4.pdf
    • https://cdn-cms.f-static.net/uploads/4464702/normal_6012e2cccb0f9.pdf
    • https://minaraxu.weebly.com/uploads/1/3/4/7/134765114/11024.pdf
    • https://vemideluguzuni.weebly.com/uploads/1/3/4/6/134680431/6f9766a3455250b.pdf
    • https://cdn.sqhk.co/giruzegovu/P85jhjG/boat_wallpaper_hd_free.pdf
    • https://cdn.sqhk.co/pesamelez/k8srb96/larimexafi.pdf
    • https://uploads.strikinglycdn.com/files/4dc3f98a-dccd-42f4-927b-3ba3254684c6/1496775948.pdf
    • http://kepirodineloga.epizy.com/l_encyclopdie_de_la_couture.pdf
    • http://togaretib.epizy.com/33128650977.pdf
    • https://uploads.strikinglycdn.com/files/2b137a05-490e-462f-90cd-da3c3d8fc6e8/asi_hablo_zaratustra_nietzsche_sinopsis.pdf
    • https://uploads.strikinglycdn.com/files/d1d0b1fe-b0c0-41cb-9061-230be7de5a34/is_american_gods_on_netflix_australia.pdf
    • http://kuxukinilu.rf.gd/mujogowodezalinapopaga.pdf
    • https://uploads.strikinglycdn.com/files/87cc1d30-48ab-4fed-925c-92f098b1e1de/jubamupuwiwarekap.pdf
    • https://uploads.strikinglycdn.com/files/a258b448-8070-47d5-87f4-4a7da6e5dcd5/federal_rules_of_civil_procedure_49.pdf
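As an added example (not the analysis platform's own code), the Python script below shows the two pieces of logic behind the PDF_SEO_LINK_FARM and EMBEDDED_URL findings above: extracting URLs by channel (link-annotation /URI action, /JS string, raw document body) and then reaching a link-farm verdict from file size, link count and host concentration. The sample PDF is constructed inline and is not the analysed file; the thresholds (200 KB, 10 links, 50% of links on one host) and the example hostnames are assumptions. The extractor reads only uncompressed literal strings, so a production tool must inflate FlateDecode streams and decode hex strings before running the same regexes.

```python
"""Added example: URL extraction by channel plus a link-farm heuristic.
Not the analysis platform's code; sample PDF and thresholds are assumptions."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: 12 link annotations, 9 on one host (assumed hostnames).
SAMPLE_LINKS = [f"https://cdn.example.test/{n}/file.pdf" for n in range(9)] + [
    "https://alpha.example.test/a.pdf",
    "http://beta.example.test/b.pdf",
    "https://gamma.example.test/c.pdf",
]


def build_sample_pdf(links):
    """Build a minimal, uncompressed PDF with an OpenAction JavaScript URL,
    a URL in page text, and one /Link annotation per entry in `links`."""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction << /S /JavaScript "
        b"/JS (app.launchURL\\(\"https://js.example.test/x\"\\)) >> >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
    ]
    first_annot = 5  # objects 1-4 are catalog, pages, page, contents
    refs = b" ".join(b"%d 0 R" % (first_annot + i) for i in range(len(links)))
    objs.append(b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [" + refs + b"] >>")
    body = b"BT /F1 12 Tf (See https://body.example.test/readme) Tj ET"
    objs.append(b"<< /Length %d >>\nstream\n" % len(body) + body + b"\nendstream")
    for u in links:
        objs.append(b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (" + u.encode() + b") >> >>")
    out = [b"%PDF-1.4"]
    for i, o in enumerate(objs, 1):
        out.append(b"%d 0 obj\n" % i + o + b"\nendobj")
    out.append(b"trailer << /Root 1 0 R >>\n%%EOF")
    return b"\n".join(out)


URL_RE = re.compile(rb"https?://[^\s()<>\"']+")
# PDF literal strings: parentheses, with backslash escapes allowed inside.
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")
JS_STRING_RE = re.compile(rb"/JS\s*\(((?:[^()\\]|\\.)*)\)")


def extract_urls(pdf):
    """Return URLs keyed by the channel that reached them.
    Simplification: literal strings in uncompressed objects only; a real
    tool inflates streams and decodes hex strings first."""
    link = [m.group(1).decode("latin-1") for m in URI_ACTION_RE.finditer(pdf)]
    js = [u.decode("latin-1") for m in JS_STRING_RE.finditer(pdf)
          for u in URL_RE.findall(m.group(1))]
    seen = set(link) | set(js)
    body = []  # anything else that looks like a URL in the raw bytes
    for u in URL_RE.findall(pdf):
        s = u.decode("latin-1")
        if s not in seen:
            seen.add(s)
            body.append(s)
    return {"link_annotation": link, "javascript": js, "document_body": body}


def link_farm_verdict(size_bytes, link_urls, max_size=200 * 1024,
                      min_links=10, min_top_host_share=0.5):
    """Fire when a small file carries many link annotations concentrated on
    one host. Thresholds are assumptions, not the platform's values."""
    hosts = Counter(urlsplit(u).netloc.lower() for u in link_urls)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(link_urls) if link_urls else 0.0
    fired = (size_bytes <= max_size and len(link_urls) >= min_links
             and share >= min_top_host_share)
    return {"fired": fired, "links": len(link_urls), "top_host": top_host,
            "top_host_share": round(share, 2), "size_bytes": size_bytes,
            "hosts": dict(hosts)}


if __name__ == "__main__":
    pdf = build_sample_pdf(SAMPLE_LINKS)
    urls = extract_urls(pdf)
    for channel, found in urls.items():
        for u in found:
            print(f"{channel:16} {u}")
    print(link_farm_verdict(len(pdf), urls["link_annotation"]))
```

Running the script lists each URL with its channel label and prints a verdict for the constructed sample that fires (12 links, 75% on cdn.example.test, well under 200 KB); the same function returns fired=False for a three-link document whose links are spread across different hosts, which is the citation pattern the heuristic is meant to leave alone.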