Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c4d0e3ff88ec224…

MALICIOUS

PDF

Size: 39.2 KB
Authoring application: pstoedit
First seen: 2021-02-18
MD5: ba9789441db29b1efc73ed1ba4aeb342
SHA-1: 3d5d67d8c12e9c23068fb2547824c6f819f11e0c
SHA-256: 4c4d0e3ff88ec22443afa67131c1c49363403634e4476bc2c10e62d609cc8be9
Risk score: 152

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001627.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x1627
Size: 7772 bytes
SHA-256: 6506c0a441ae63d896f9eeb558038bb78e3222a5071b8875a120f0267aef58e4