Malicious PDF — malware analysis report

Static analysis result for SHA-256 5ad23cae764da90c…

MALICIOUS

PDF

Size: 23.6 KB
Created: 2020-04-21 10:55:38 +03:00
Authoring application: wkhtmltopdf 0.12.1.4 (via Qt 4.8.6)
MD5: ee051900288cee7749fc20d6e26fd4bb
SHA-1: 632f61b3f04c0b5ee0495391c9c2f6659789a360
SHA-256: 5ad23cae764da90c9bbe71b0def9cb998de25777c8213074bd59b6fe00dcd4cc
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains numerous embedded URLs, many of which are part of a link farm designed to direct users to potentially malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a high volume of external links, suggesting a distribution or phishing attempt. While no scripts were explicitly extracted, the presence of embedded URLs and the ML classifier's strong flagging point to malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9945

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.