Malicious PDF — malware analysis report

Static analysis result for SHA-256 4f1df1e192cf3614…

MALICIOUS

PDF

Size: 77.5 KB
Created: 2021-03-16 08:18:03 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0e6dd265dacb48e439a7fa5a9146cb77
SHA-1: ee38676c59771d054ed9ef91ed4da853996b170c
SHA-256: 4f1df1e192cf361482f7edded8c23fa47c1c80c167310f57f8cc8f926271d505
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9998

Heuristics (5)

  • Small PDF contains a mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] PDF_URI
    The PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete [info] CLAMAV_SCAN_INCOMPLETE
    The ClamAV scan of this file did not complete (ClamAV error, exit 2); the verdict reflects only static heuristics. The result is not cached, so a later submission will retry the scan.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.