Malicious PDF — malware analysis report

Static analysis result for SHA-256 4576f12fb10a8374…

Verdict: MALICIOUS

File type: PDF
Size: 54.5 KB
Created: 2021-03-20 09:32:01 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 15fe6537629876d8a0cbd8ed67cae300
SHA-1: 2c9784c3eb5e1698f2954dc707666d8a5e317e37
SHA-256: 4576f12fb10a8374eef8eb74ebd3a533f4c62d964685f02dde602cbd71fc2dc0
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains numerous external links, many of which point to other PDF files, suggesting a link farm or a mechanism for distributing further malicious content. The heuristic 'PDF_SEO_LINK_FARM' flags the large number of external links, and the ClamAV detection 'Pdf.Phishing.Trojan' confirms malicious intent. The embedded URL 'https://vilenefex.ru/award?keyword=acharya+prashant+books+pdf+download' is likely a lure that disguises the malicious nature of the document behind a search-engine-style keyword.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7702

Heuristics (4)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://vilenefex.ru/award?keyword=acharya+prashant+books+pdf+download
    • https://cdn.sqhk.co/jimikafede/ZfuKhfG/chicken_invaders_5_full_version.pdf
    • https://cdn.sqhk.co/gijosevozu/jcgjjqw/mizofuvojatar.pdf
    • http://lg-copyright.com/liparopotibytn9.pdf
    • https://cdn.sqhk.co/puvubuzu/iKicBhJ/zoleziporapexapogajunorob.pdf
    • http://eagleaff.com/fundamentals_of_investing_13th_edition_freeyvwsx.pdf
    • http://zoosalon.org/4083516089yyyvx.pdf
    • https://cdn.sqhk.co/fidisutipamu/jeiaWRX/truck_driver_city_crush_mod_apk_free_download.pdf
    • http://maykistore.ru/118559867142xe2m.pdf
    • http://zoom-omsk.ru/913463405819jfmw.pdf
    • http://menformula.xyz/trait_points_lotroibjj3.pdf
    • http://ru-payment.casa/pegimijavizf056z.pdf
    • https://cdn.sqhk.co/nojebimit/iXHNjiE/sheet_piano_jingle_bells.pdf
    • https://cdn.sqhk.co/wujodazera/je8ifib/blue_light_glasses_advantages.pdf
    • http://yourcy.com/18804049496idsae.pdf
    • http://repair-foto.ru/86373178064n7tz1.pdf
    • http://mbfsopg.com/introduction_to_human_factors_engineering_second_editionvaqrm.pdf
    • https://ed0f7819-48b4-4c0d-9119-93de03d81b9c.filesusr.com/ugd/e481ce_c71774e55aac4e1f9a22bea607b4b97d.pdf?index=true
    • https://9c789f27-b70c-4c9d-9e83-211ee8f99b38.filesusr.com/ugd/bdeb4c_d0a49047fe8341ed90149e2ac366e2b1.pdf?index=true
    • https://s3.amazonaws.com/donarepemi/kutiroxubofixe.pdf
    • https://1864c106-1a4f-4194-99fb-dabd5a0af450.filesusr.com/ugd/17b194_c14d0e5903fc492ebd39d88b892cd472.pdf?index=true
    • https://s3.amazonaws.com/jupevuxirapi/vevazesogibimolawapepodov.pdf
    • https://944456f3-75eb-4cd6-bbfd-656b3713ada1.filesusr.com/ugd/2c8d66_edcda90b473d4876a564aabcf2fb4f23.pdf?index=true