Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d556141d64b2cd1…

Verdict: MALICIOUS
File type: PDF
Size: 33.2 KB
Authoring application: ImageMagick
MD5: 6c347b5c6ed1796aedf6796cc40132d5
SHA-1: 4f5532c9155542cf7c4a68059efbfa34b1a866e8
SHA-256: 5d556141d64b2cd1959655ec47226dc9ba588d1948f2b97e72892cd5f48860a2
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was flagged by multiple detection engines, including ClamAV as Pdf.Phishing.TtraffRobotInstall-7605656-0. It contains a large number of embedded external links, suggesting a link farm or redirection strategy. The primary purpose appears to be distributing malicious content through these links.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9999

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://meudinheiro.info/uploads/1/3/0/6/130603810/paxiwufepebaw-keputabori-xuxeka-fexigetufanogi.pdf
    • http://misscamille.fr/uploads/1/3/0/3/130313488/9898326.pdf
    • http://safedreams.org/uploads/1/3/0/6/130620973/7203289.pdf
    • http://duferudu.jetblue-air.com/uploads/2020/01/28/3187422b.pdf
    • http://vdesignv.com/uploads/1/3/0/2/130287538/1374271.pdf
    • https://wufibirexuxolug.weebly.com/uploads/1/3/0/5/130539928/8269761.pdf
    • http://mikelscottart.com/uploads/1/3/0/3/130313149/tumagi.pdf
    • http://cityonloc.com/uploads/1/3/0/6/130640060/3564224.pdf
    • http://rudynts.com/uploads/1/3/0/6/130640110/334734.pdf
    • http://trentriverdesigns.com/uploads/1/3/0/5/130546538/130546538.html#pinewood+derby+scoring+sheet

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000012f1.bin
SHA-256: fc85b3cba98c8ac29c6507d87c6fad36ea3dc419d9d2f88d1ee89a4ccd1bffcc
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x12F1
Size: 7532 bytes