Malicious PDF — malware analysis report

Static analysis result for SHA-256 610a0d8a58a1d289…

Verdict: MALICIOUS
File type: PDF
Size: 36.7 KB
Authoring application: SWFTools
MD5: 4b594a65d2a839725809ae254f2e336c
SHA-1: 60ca9143fcb6c590f376ad1750f3a8da860eae7a
SHA-256: 610a0d8a58a1d28911b0711f7efef84933ac3a23eb46ca7df6146e51e8016a80
Risk Score: 192

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file contains a large number of external links, disguised as a "link farm" for SEO purposes, and also presents a fake CAPTCHA to lure users into clicking them. The embedded links likely lead to further malicious content or phishing pages. The ML classifier and ClamAV detection strongly indicate malicious intent.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9999

Heuristics (4)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Fake CAPTCHA / human verification prompt (high, SE_FAKE_CAPTCHA)
    Document displays a fake CAPTCHA or human-verification prompt: used to trick users into running commands or pressing keyboard shortcuts.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000132b.bin
SHA-256: 31fe3d3326fda488f13e7f7739b5db6526cfdb675e4f8f69d9435b98575190ba
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x132B
Size: 8252 bytes