Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b37704ca0425fb3…

Verdict: MALICIOUS
File type: PDF
Size: 63.8 KB
Created: 2021-03-14 19:59:54 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-06-04
MD5: 991ebd3adcd430bc5463a7409c257a27
SHA-1: a05dcf2f2902cee2ce3317bc45d01f67ce561895
SHA-256: 4b37704ca0425fb375cc03df216533c3d12541008075af7b5a9932a72b249586
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document carries 24 external URLs: one clickable link annotation (a /URI action to seumenha.ru whose query string is an SEO-style "occupational health and safety policy and procedures manual pdf" keyword, the lure) and 23 more written into the page text. Nearly all of the text URLs end in .pdf and cluster on a few hosts: nine on s3.amazonaws.com buckets, seven on per-site filesusr.com subdomains, and the rest on throwaway domains. That is the generated link-farm pattern, not a normal citation pattern, and the self-reported producer (wkhtmltopdf via Qt) fits an HTML page converted to PDF in bulk. The ClamAV signature is the decisive indicator; the Nyx classifier score (0.5377) is weak on its own and should be read as corroborating. The file is consistent with phishing or unwanted-software distribution via SEO-poisoned PDF carriers.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5377

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://seumenha.ru/award?keyword=occupational+health+and+safety+policy+and+procedures+manual+pdf [PDF link annotation]
    • http://laura-egorova.ru/37423651106ezjxh.pdf [in PDF document text]
    • http://greyfruit.space/college_algebra_dugopolski_6th_editiont4av1.pdf [in PDF document text]
    • http://disozire.mygamesonline.org/how_many_carbs_in_taco_bell_nachos_bellgrande.pdf [in PDF document text]
    • http://fisareboveda.getenjoyment.net/94243225097.pdf [in PDF document text]
    • http://baugroup.info/66980305920scfen.pdf [in PDF document text]
    • http://ital-girl.space/gmail_app_free4gm8p.pdf [in PDF document text]
    • https://s3.amazonaws.com/kopisigapub/63044400191.pdf [in PDF document text]
    • https://571cbd0a-ba82-408d-be6d-2df53a8fcfe5.filesusr.com/ugd/02af14_8ecb33a703df471b8d62865f34d75724.pdf?index=true [in PDF document text]
    • http://bumurulepowele.myartsonline.com/47781060128.pdf [in PDF document text]
    • https://s3.amazonaws.com/tasufagijaremo/97240841703.pdf [in PDF document text]
    • https://f867c6cd-7aae-4938-a634-6821dcb48262.filesusr.com/ugd/eb45fa_3071b9f8080c40c2a44a04916c8355fc.pdf?index=true [in PDF document text]
    • https://s3.amazonaws.com/zexozavo/beeville_weather_report.pdf [in PDF document text]
    • https://s3.amazonaws.com/ruzumeb/what_is_elderly_for_a_cat.pdf [in PDF document text]
    • https://d3826037-6016-486c-99e9-dc41bc666644.filesusr.com/ugd/b81754_1509eefe857f4c509dcb89e52f1223ca.pdf?index=true [in PDF document text]
    • https://s3.amazonaws.com/gazivemon/cadena_alimenticia_trofica.pdf [in PDF document text]
    • https://s3.amazonaws.com/gagotaniwipure/human_geography_textbook_the_cultural_landscape.pdf [in PDF document text]
    • https://0e098354-e5d1-4afc-9be7-763a70ae5e44.filesusr.com/ugd/ef253e_f10eeb00bff64874945df7574e4c464c.pdf?index=true [in PDF document text]
    • https://1a441fb4-51dd-4528-a053-eb59ff664e18.filesusr.com/ugd/43d9d5_2b8375335f3a4f0c861f871f4e5c0ea1.pdf?index=true [in PDF document text]
    • https://s3.amazonaws.com/dazuxujepov/nupak.pdf [in PDF document text]
    • https://s3.amazonaws.com/lulelepese/zatatutib.pdf [in PDF document text]
    • https://4c5ad993-366d-4b3a-aa99-9b6f56583180.filesusr.com/ugd/01e791_78897bb7dd2e4d3fa5612225f1c342f2.pdf?index=true [in PDF document text]
    • https://s3.amazonaws.com/lezerawe/38886724829.pdf [in PDF document text]
    • https://e18e6c05-101e-4f41-9c4d-f518aea09dbb.filesusr.com/ugd/7972b3_3f5a7027a98a454db695b0f2931a3989.pdf?index=true [in PDF document text]
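The two heuristics above (PDF_SEO_LINK_FARM and the per-channel labels under EMBEDDED_URL) can be reproduced with a short standard-library script. The following is an added example written for this report, not the scanner's own code: it pulls /URI actions out of link annotations, scans (Flate-decompressing where needed) content streams for URLs that only appear as page text, and then applies a link-farm check on a small file with many distinct .pdf links concentrated on one host. The thresholds in assess_link_farm and the sample PDF built from RFC 2606 example domains are assumptions made for illustration; the real file's URLs are not contacted.

```python
"""URL extraction by channel plus a link-farm heuristic for small PDFs.
Added example (stdlib only); thresholds and sample data are illustrative."""
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

# /URI actions behind link annotations (clickable). Literal strings only; hex
# strings (<...>) and escaped parentheses inside the URI are not handled.
URI_ACTION = re.compile(rb"/URI\s*\(([^)]*)\)")
# URLs that merely appear in page content (visible text, not an action).
URL_RE = re.compile(rb"https?://[^\s()<>\[\]]+")
# Stream bodies; the lookbehind stops "endstream" from opening a new match.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)


def extract_urls(pdf_bytes):
    """Return [(url, channel)] using the same channel labels as the report."""
    found, annot_urls = [], set()
    for m in URI_ACTION.finditer(pdf_bytes):
        url = m.group(1).decode("latin-1")
        annot_urls.add(url)
        found.append((url, "PDF link annotation"))
    for m in STREAM_RE.finditer(pdf_bytes):
        body = m.group(1)
        try:  # decompressobj tolerates the EOL byte ambiguity at stream end;
            body = zlib.decompressobj().decompress(body)  # raw streams raise
        except zlib.error:
            pass  # unfiltered (or other filter): scan the raw bytes
        for um in URL_RE.finditer(body):
            url = um.group(0).decode("latin-1")
            if url not in annot_urls:
                found.append((url, "PDF document text"))
    return found


def assess_link_farm(urls, file_size, max_size=200_000, min_links=10,
                     min_pdf_share=0.6, min_top_host_share=0.3):
    """Approximation of PDF_SEO_LINK_FARM: small file, many distinct external
    links, mostly .pdf paths, concentrated on one host. Thresholds assumed."""
    uniq = sorted({u for u, _ in urls})
    hosts = Counter(urlsplit(u).hostname for u in uniq)
    pdf_links = [u for u in uniq if urlsplit(u).path.lower().endswith(".pdf")]
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    n = len(uniq) or 1  # guard the empty case
    report = {"file_size": file_size, "unique_urls": len(uniq),
              "pdf_links": len(pdf_links), "pdf_share": len(pdf_links) / n,
              "top_host": top_host, "top_host_share": top_count / n}
    report["link_farm"] = (file_size <= max_size and len(uniq) >= min_links
                           and report["pdf_share"] >= min_pdf_share
                           and report["top_host_share"] >= min_top_host_share)
    return report


def build_sample_pdf(text_urls, link_uri):
    """Constructed one-page PDF: a /Link annotation carrying link_uri and a
    Flate-compressed content stream that prints text_urls as page text."""
    content = b"BT /F1 10 Tf 50 700 Td " + b" ".join(
        b"(" + u.encode() + b") Tj 0 -12 Td" for u in text_urls) + b" ET"
    comp = zlib.compress(content)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(comp)
        + comp + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [50 50 300 70] "
        b"/A << /S /URI /URI (" + link_uri.encode() + b") >> >>",
    ]
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for i, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref))
    return bytes(out)


# Constructed sample modelled on the report's URL list (example domains only).
TEXT_URLS = [f"https://s3.example.com/bkt{i}/{n}.pdf" for i, n in enumerate(
    ["63044400191", "beeville_weather_report", "what_is_elderly_for_a_cat",
     "nupak", "zatatutib", "38886724829"])] + [
    "http://files-1.example.net/37423651106ezjxh.pdf",
    "http://files-2.example.net/college_algebra_6th_edition.pdf",
    "https://cdn.example.org/ugd/02af14_8ecb33a7.pdf?index=true",
    "https://cdn.example.org/ugd/eb45fa_3071b9f8.pdf?index=true",
    "http://blog.example.net/about.html",
]
LINK_URI = ("https://lure.example/award?keyword=occupational+health+and+safety"
            "+policy+and+procedures+manual+pdf")

if __name__ == "__main__":
    sample = build_sample_pdf(TEXT_URLS, LINK_URI)
    for url, channel in extract_urls(sample):
        print(f"{channel}: {url}")
    print(assess_link_farm(extract_urls(sample), len(sample)))
```

On the constructed sample the annotation URL is reported as a link annotation and the eleven page-text URLs as document text; ten of the twelve distinct URLs end in .pdf and half sit on one host, so the link-farm check fires, while a document with a single citation link does not trip it. Real carriers may also hide URLs in JavaScript, OpenAction dictionaries or object streams, which this regex pass does not walk.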