Malicious PDF — malware analysis report

Static analysis result for SHA-256 57450f3137e54672…

MALICIOUS

PDF

Size: 61.3 KB | Created: 2021-03-14 07:42:46 +02:00 | Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 2916e0990213203da12b00f2e7d88551 | SHA-1: 8c7b07f4cdf297b000bc0bc941566b76e8a4af91 | SHA-256: 57450f3137e5467268556c23ee4589451e97c4384201b2f7c0f081e9cde7d79d
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a heuristic firing for a 'PDF_SEO_LINK_FARM', indicating it hosts a large number of external links. Several of these links point to suspicious domains and are likely part of a scheme to manipulate search engine results or redirect users to malicious content. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6079

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.