Malicious PDF — malware analysis report

Static analysis result for SHA-256 5649d956b329d2bb…

MALICIOUS

PDF

Size: 41.2 KB
Authoring application: PDFedit
First seen: 2021-02-19
MD5: dad42f42a474ecb27ce4897e24b5195d
SHA-1: ed41dff1990e4f40e7d5af299e829b0f1d2e3f29
SHA-256: 5649d956b329d2bb9f43f66f0c4f36f98fd162326192850b6aff551a1f305dbd
Risk Score: 152

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000013e8.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x13E8
Size: 8584 bytes
SHA-256: 49c1097b60644cbe45175d83b2137ba03fb6e8b6d7b0157f9cbf042737bd020b