Malicious PDF — malware analysis report

Static analysis result for SHA-256 62a84b378b6f6ed6…

Verdict: MALICIOUS
File type: PDF
File size: 38.5 KB
Authoring application: PDF Studio
First seen: 2021-02-23

Hashes:
  • MD5: 5be8e6673f555cff93c0ad8ade095391
  • SHA-1: 7ca79f7631f23d9e4087ec730fde53c5c202ede3
  • SHA-256: 62a84b378b6f6ed63f00cb03ef440fb75e08e8c0373920ae7a0bc5dbd568e697

Risk score: 152

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7869550-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7869550-0
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://mosaicrabbitry.weebly.com/uploads/1/3/0/6/130604768/pejumimamewugojopoj.pdf (In PDF document text)
    • http://oneactioncalendar.org/uploads/1/3/0/4/130476229/4962381.pdf (In PDF document text)
    • http://coonrapidssnowflakedays.weebly.com/uploads/1/3/0/6/130639335/2052747.pdf (In PDF document text)
    • https://bulogero.weebly.com/uploads/1/3/0/5/130546343/xitanifid_wefor.pdf (In PDF document text)
    • http://bexbot.com/uploads/1/3/0/3/130313360/1069608.pdf (In PDF document text)
    • http://concordia-archives.net/uploads/1/3/0/2/130289421/685797.pdf (In PDF document text)
    • http://zojalog.isabellaestetica.com/uploads/2020/01/28/vogelajumuwas.pdf (In PDF document text)
    • http://xerawi.beru-credit.ru/uploads/2020/01/28/fifelef.pdf (In PDF document text)
    • http://varska-spa.ru/uploads/2020/01/28/kupililalikok_fovuzomawif_gafewikuruf_xamumed.pdf (In PDF document text)
    • http://mikekelley.us/uploads/1/3/0/5/130551251/worewiweje.pdf (In PDF document text)
    • http://dug.copyrightcontact-10000671253681.com/uploads/2020/01/28/deburilodax_monujifisofipu_nalisiliwezofo_lileduwikif.pdf (In PDF document text)
    • http://duzan.dedietrich-outlet.ru/uploads/2020/01/28/e6e4f.pdf (In PDF document text)
    • https://mizaloges.weebly.com/uploads/1/3/0/5/130590548/wijoboregusi.pdf (In PDF document text)
    • http://vipiski-besplatno11.icu/uploads/2020/01/28/0a3b83627b2.pdf (In PDF document text)
    • https://bugasibekepusep.weebly.com/uploads/1/3/0/4/130488316/b9ab395.pdf (In PDF document text)
    • http://pvazquezhomeopata.weebly.com/uploads/1/3/0/3/130323224/rekodanotof.pdf (In PDF document text)
    • http://r-mustangs.com/uploads/1/3/0/6/130639115/ee51d7fef46.pdf (In PDF document text)
    • http://oceanviewlotuvita.com/uploads/1/3/0/4/130490421/130490421.html#idle+champions+hitch+guide (In PDF document text)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000158c.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x158C
    Size: 8980 bytes
    SHA-256: 22c135afee18de5783862ea8d8751d896469c9de7ddc9b41a1c700527950234c