Malicious PDF — malware analysis report

Static analysis result for SHA-256 4ac10acff2198255…

Verdict: MALICIOUS

File type: PDF

Size: 61.2 KB
Created: 2021-03-28 10:14:23 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: e67a88ac6b492267d7e76ff9aa6d8a1c
SHA-1: 90a5325ba57c733abb530cc119e62c91ec2cce8d
SHA-256: 4ac10acff2198255c1165569e8262f5b96dfb5429e3015b36e8656d5de1aa58a
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of clickable external links, a pattern used to route readers to phishing pages or malware downloads rather than to cite sources. The PDF_SEO_LINK_FARM heuristic fired because the links are numerous for a file of this size and mostly clustered on one host, which matches generated SEO link-farm carriers; the authoring tool recorded in the metadata (wkhtmltopdf, an HTML-to-PDF converter) is consistent with a generated document. The ClamAV signature match (Pdf.Phishing.Trojan) and the classifier's malicious score of 0.66 corroborate the verdict. None of the extracted URLs is a detection on its own; the verdict rests on the link pattern and the signature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6609

Heuristics (4)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://maypoin.ru/strik?utm_term=how+to+write+data+in+excel+sheet+using+java+poi
    • http://mbfsopg.com/book_of_symbols_online_freetgdkw.pdf
    • https://buwupejobo.weebly.com/uploads/1/3/4/2/134265589/kesame.pdf
    • http://bred-enligne.com/java_tutorialspoint_free_downloaddiykb.pdf
    • https://xamifixi.weebly.com/uploads/1/3/1/8/131871938/wabakoweravu_puzemejogeroz_zaxuwononutana.pdf
    • https://static.s123-cdn-static.com/uploads/4466411/normal_600975ff37425.pdf
    • https://static.s123-cdn-static.com/uploads/4489596/normal_5fe4176d120ac.pdf
    • https://uploads.strikinglycdn.com/files/80a455e7-fb92-4d8e-b517-2cfb2226329f/37297618796.pdf
    • https://uploads.strikinglycdn.com/files/6cd9e935-6ff8-4126-82a6-d767728b3293/lesilotinodisemiti.pdf
    • https://d926c97b-7f3b-4ec8-a52a-318bcb589338.filesusr.com/ugd/120f26_e50fdc207c814ff7b0a321e28bf838be.pdf?index=true
    • https://f3ea461b-95fd-44cf-949c-5afda193840f.filesusr.com/ugd/a48928_ac56987ed9d14c0db26582c390d90ff8.pdf?index=true
    • https://uploads.strikinglycdn.com/files/c705beed-cb05-462a-b380-54ac356d70d4/hp_deskjet_2132_software_mac.pdf
    • https://uploads.strikinglycdn.com/files/db96359b-f74d-4c8c-9d12-1e825d4c4b49/psychoeducational_group_topics_for_substance_abuse.pdf
    • https://uploads.strikinglycdn.com/files/09f07d40-3495-401f-a9dd-69b7332c309b/gediveditapapuf.pdf
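As an added example, not part of this report and not the scanner's own rule, the following Python implements the three conditions the PDF_SEO_LINK_FARM description states (small file, many external .pdf links, links mostly clustered on one host) and runs it over a constructed skeletal PDF built from the URLs listed above. The URI extraction (a regex over /URI literal strings, with FlateDecode streams inflated first), the thresholds (200 KB, 8 links, one third of links on the busiest host) and the helper names are assumptions chosen for illustration.

```python
"""Added example: a link-farm heuristic over a PDF's /URI actions (not the scanner's own rule)."""
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# /URI followed by a PDF literal string; escaped chars (\( \) \\) are allowed inside.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# stream ... endstream bodies, inflated below so links hidden in compressed objects are seen.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _unescape(s: bytes) -> str:
    """Minimal PDF literal-string unescape; enough for URLs (octal escapes are not handled)."""
    return re.sub(rb"\\([()\\])", rb"\1", s).decode("latin-1")


def extract_uris(pdf: bytes) -> list[str]:
    """Distinct /URI targets from plain objects and from FlateDecode streams.
    Assumptions: literal strings only (hex strings <...> are skipped), Flate is the only
    filter tried, and nested object streams are not unpacked beyond one inflate."""
    bodies = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate (or corrupt); its raw bytes are already scanned via `pdf`
    seen, uris = set(), []
    for body in bodies:
        for m in URI_RE.finditer(body):
            uri = _unescape(m.group(1))
            if uri not in seen:
                seen.add(uri)
                uris.append(uri)
    return uris


def link_farm_verdict(pdf: bytes, max_size=200_000, min_pdf_links=8, cluster_share=1 / 3) -> dict:
    """Score the three conditions in the heuristic's description. Thresholds are assumptions."""
    uris = extract_uris(pdf)
    external = [u for u in uris if urlparse(u).scheme in ("http", "https")]
    pdf_links = [u for u in external if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in external)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(external) if external else 0.0
    return {
        "size": len(pdf),
        "external_links": len(external),
        "pdf_links": len(pdf_links),
        "top_host": top_host,
        "top_host_share": round(share, 2),
        "flagged": len(pdf) <= max_size and len(pdf_links) >= min_pdf_links and share >= cluster_share,
    }


def build_sample_pdf(urls: list[str], compress: bool = False) -> bytes:
    """Constructed input: a skeletal PDF whose /Link annotations carry /URI actions.
    Not the scanned sample; just enough structure for extract_uris, not for a viewer."""
    def lit(u: str) -> bytes:
        return u.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)").encode("latin-1")
    annots = b"".join(
        b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (" + lit(u) + b") >> >>\n"
        for u in urls
    )
    if compress:  # hide the annotations in a FlateDecode stream, as object streams would
        annots = b"<< /Filter /FlateDecode >>\nstream\n" + zlib.compress(annots) + b"\nendstream\n"
    return b"%PDF-1.4\n" + annots + b"%%EOF\n"


# The URLs the report lists above, used here as sample input.
REPORT_URLS = [
    "https://maypoin.ru/strik?utm_term=how+to+write+data+in+excel+sheet+using+java+poi",
    "http://mbfsopg.com/book_of_symbols_online_freetgdkw.pdf",
    "https://buwupejobo.weebly.com/uploads/1/3/4/2/134265589/kesame.pdf",
    "http://bred-enligne.com/java_tutorialspoint_free_downloaddiykb.pdf",
    "https://xamifixi.weebly.com/uploads/1/3/1/8/131871938/wabakoweravu_puzemejogeroz_zaxuwononutana.pdf",
    "https://static.s123-cdn-static.com/uploads/4466411/normal_600975ff37425.pdf",
    "https://static.s123-cdn-static.com/uploads/4489596/normal_5fe4176d120ac.pdf",
    "https://uploads.strikinglycdn.com/files/80a455e7-fb92-4d8e-b517-2cfb2226329f/37297618796.pdf",
    "https://uploads.strikinglycdn.com/files/6cd9e935-6ff8-4126-82a6-d767728b3293/lesilotinodisemiti.pdf",
    "https://d926c97b-7f3b-4ec8-a52a-318bcb589338.filesusr.com/ugd/120f26_e50fdc207c814ff7b0a321e28bf838be.pdf?index=true",
    "https://f3ea461b-95fd-44cf-949c-5afda193840f.filesusr.com/ugd/a48928_ac56987ed9d14c0db26582c390d90ff8.pdf?index=true",
    "https://uploads.strikinglycdn.com/files/c705beed-cb05-462a-b380-54ac356d70d4/hp_deskjet_2132_software_mac.pdf",
    "https://uploads.strikinglycdn.com/files/db96359b-f74d-4c8c-9d12-1e825d4c4b49/psychoeducational_group_topics_for_substance_abuse.pdf",
    "https://uploads.strikinglycdn.com/files/09f07d40-3495-401f-a9dd-69b7332c309b/gediveditapapuf.pdf",
]

if __name__ == "__main__":
    for compressed in (False, True):
        print("compressed" if compressed else "plain", link_farm_verdict(build_sample_pdf(REPORT_URLS, compressed)))
```

On the listed URLs the busiest host (uploads.strikinglycdn.com) carries 5 of 14 links, so the clustering condition is the softest of the three here and the count of external .pdf links does most of the work; real rules tune such thresholds on a corpus of benign and malicious PDFs. For production use, a real PDF parser (for example pikepdf or pdfminer) should walk the annotation and object-stream structure instead of this regex, since hex strings, other stream filters and /GoToR actions are not covered above.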