Malicious PDF — malware analysis report

Static analysis result for SHA-256 3e34ece51ff1da0b…

Verdict: MALICIOUS
File type: PDF
Size: 42.6 KB
Authoring application: pdf-parser
MD5: ee37cc213706c3f995cc9132036187e4
SHA-1: ff74eb6a4e09a473376a36488428a6c49d1fd52b
SHA-256: 3e34ece51ff1da0ba46e96e088eaf4cc455e68458233d1444766547e03da05d9
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The embedded URLs point to various domains, suggesting a link farm designed to attract traffic or distribute malicious content. The ML_NYX_PDF_MALICIOUS and ClamAV detections confirm the malicious nature of the file, likely related to phishing or malware delivery through these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://ihateqatar.net/uploads/1/3/0/6/130621912/bodanon.pdf
    • http://manoliskaratarakis.website/uploads/1/3/0/5/130588907/zukif_wolisa_pesakelereredu.pdf
    • http://barridolaw.com/uploads/1/3/0/7/130740530/gudumiv-sufopunit-wovobebadu.pdf
    • http://lisahatchmillinery.com/uploads/1/3/0/5/130588976/1682467.pdf
    • http://septictankpumpinggwinett.com/uploads/1/3/0/4/130476818/romerifonati.pdf
    • http://reggaeclassictouch.com/uploads/1/3/0/6/130605283/7236966.pdf
    • http://novi-ia.com/uploads/1/3/0/6/130639305/zijulasone_mefogabaxopo_lozofu.pdf
    • http://riversidecountyhistory.org/uploads/1/3/0/2/130271234/130271234.html#acute+rheumatic+fever+pathophysiology+ppt

Extracted artifacts 2

Files carved from inside the sample during analysis.

Columns: Filename, SHA-256, Kind, Source, Size

  • Filename: font_00_sfnt_off0000119c.bin
    SHA-256: a13136c2b13bb7e6dfbf9ecd18119684c1a0ffd665dc801e6b546ef7f3d2f661
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x119C
    Size: 8572 bytes
  • Filename: font_01_sfnt_off00006a05.bin
    SHA-256: 7471ec992e4158e389dbaa0b5b9cfb0568bc09d348cb54c6c297a87244f0208d
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x6A05
    Size: 2700 bytes