Malicious PDF — malware analysis report

Static analysis result for SHA-256 4d4010160e61957e…

MALICIOUS

PDF

Size: 78.5 KB
Created: 2021-03-25 12:13:40 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 10ff589c73b5a68490e7ddacb0ac1604
SHA-1: 59c3179eefc416baed99c426b517919b3601d22b
SHA-256: 4d4010160e61957e78d30ff4242d4ec53dc6d1c6f3b368b96e63ebdaab0c825c
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9964

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete [info] CLAMAV_SCAN_INCOMPLETE
    The ClamAV scan on this file did not complete (ClamAV error, exit code 2), so the verdict reflects only the static heuristics. The result is not cached, so a later submission will retry the scan.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://kuzutuzo.ru/strik?utm_term=how+to+reset+check+engine+light+2016+ford+explorer
    • https://cdn.sqhk.co/migazajigum/hbTihdG/25245134415.pdf
    • https://cdn.sqhk.co/jarixizotib/94hdjcP/sudesuderen.pdf
    • https://cdn.sqhk.co/rabataxuvax/jdiagen/gibopexopifitununigipod.pdf
    • https://cdn.sqhk.co/bukevexej/04hamSz/30160878942.pdf
    • https://cdn.sqhk.co/zubejavaxuvu/Khgidc4/balenciaga_hoodie_cheap.pdf
    • https://d17f4099-ecc1-42b1-9c73-51521793457c.filesusr.com/ugd/4a2613_09dd47cf4af940048d0ac6f84e80fe17.pdf?index=true
    • https://3745348a-78a0-42d7-8ff4-af2b45bf5faf.filesusr.com/ugd/02631b_04c12f41fa9e4148bb53695e55237f4d.pdf?index=true
    • https://a62e46b8-d933-4087-892c-e5439cec6991.filesusr.com/ugd/e9cba9_faa244db34f84d31a14c9072f7ffd9b0.pdf?index=true
    • https://f26e6bca-ce10-4524-9610-ed5ef7c8d48b.filesusr.com/ugd/ac8c68_ea6a0f4a6de64f94a881ce863c604aa3.pdf?index=true
    • https://790985df-dfec-4a08-b509-00f37668cf87.filesusr.com/ugd/a421e3_3f3a37c738f74264819523495104b7ed.pdf?index=true
    • https://71fc3d66-43b2-4ae0-adc3-dfbcdf8b5360.filesusr.com/ugd/6605a0_87c43a7f77f8469099566548e22ff0e3.pdf?index=true
    • https://6363ce23-9394-4102-a476-7be320345719.filesusr.com/ugd/7c41c1_d7f65ae0fe0f4abdb6cd1f381466bd9d.pdf?index=true
    • https://6776ac3f-883f-499f-bc52-38dff818ec46.filesusr.com/ugd/969751_e167e543d83b4d118646c3a8637b1fb8.pdf?index=true
    • https://12350a4d-732a-4148-85a7-4fa27f2a77ec.filesusr.com/ugd/17beed_ba8fd880b6b340b5adce60a635f6c667.pdf?index=true
    • https://s3.amazonaws.com/murudute/how_long_to_cook_sliced_sweet_potatoes_in_air_fryer.pdf
    • https://f200304d-316b-45a9-b05c-680123ec6d1a.filesusr.com/ugd/aad1a2_0bf55775f25246dd93da4088bc8e4d8b.pdf?index=true
    • https://def05634-b969-4265-beeb-1e7d695e9a44.filesusr.com/ugd/6865ce_469b5d66dabc466f8525607ab0c06c5e.pdf?index=true
    • https://s3.amazonaws.com/biwuwukesazef/siwoxidaditurux.pdf
    • https://80cb706b-a9cc-40e6-9cd2-ad5688d6c4a8.filesusr.com/ugd/c84a73_78d9858877bf497c9e44276117488a8c.pdf?index=true
    • https://ed7c5604-ec0f-4ae6-9d22-6d534b57d154.filesusr.com/ugd/1d5a3f_4ea583b20d64486db6bdbe87557435f8.pdf?index=true
    • https://49550882-97ce-44db-a38b-6e383bb81149.filesusr.com/ugd/062c90_31007782122f4568a0eb9a8a33e0aac5.pdf?index=true
    • https://95a83a18-022f-4aa5-9dc2-588eac4c5c4a.filesusr.com/ugd/ccb6ab_a150de0f91eb483da1147b5f927279de.pdf?index=true
    • https://72a23b54-95c1-47c0-80d6-f7b1310faeb8.filesusr.com/ugd/65b209_eb1c41aee13d49d08d61c0d51fc4b0ab.pdf?index=true
    • https://b913155d-2712-4fd4-bcc6-651970a8c456.filesusr.com/ugd/e39924_9915cf9872c5459fabaf16b3a80d51cc.pdf?index=true
    • https://s3.amazonaws.com/najubu/goxalizamurazirepuz.pdf
    • https://s3.amazonaws.com/vovabagubajegeb/37449675984.pdf
    • https://51bf459c-6b46-41b0-863f-532cf8a77e0d.filesusr.com/ugd/2eedf1_ffc7344627d94caaa53bc1d5edc7b178.pdf?index=true
    • https://45f61934-b4a1-4335-a9e3-e142d9465b5b.filesusr.com/ugd/0dd040_3c53c7914cc64d598c6bd866a203c15d.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/