Malicious PDF — malware analysis report

Static analysis result for SHA-256 782b9603582a17fc…

MALICIOUS

PDF

Size: 248.7 KB
Created: 2022-04-16 05:50:20 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2026-06-16
MD5: c6e5001283acd3dbd61a8644999cbf1e
SHA-1: c4e9117c9e5fc7fbf95a60cdd6a53a572292ac48
SHA-256: 782b9603582a17fca588e185ca4ba095ff7c8d75ba27440b22bbf4ef859779c0
Risk Score: 106

Machine Learning

  • Nyx PDF Classifier suspicious score 0.4180

Heuristics 5

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINK
    PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://cafij.co.za/XSRYdR1H?utm_term=adobe+xi+pro++trial (PDF link annotation)

Extracted artifacts 5

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00034ef6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x34EF6 | 3224 bytes
    SHA-256: ca4d72eb1d57bd0492afafd86e3bc3bdf205b069ba45c6d7d4633b42817a6486
font_01_sfnt_off00035bbb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x35BBB | 18824 bytes
    SHA-256: fd0478436b279c452d06e4aba760e03bc9447134eb409d250d64870bdeb63bf0
font_02_sfnt_off00038ac8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x38AC8 | 10336 bytes
    SHA-256: e93a790f66dfcf744f64b0ff61fefe8afc74f17ac096116e62a55f2879d667d3
font_03_sfnt_off0003a205.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3A205 | 16488 bytes
    SHA-256: c26743b87dfacdf0858f4b0a7ceb4ab939aa0c8d2a68f1ccae901a3bec0cb177
font_04_sfnt_off0003b91f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3B91F | 16792 bytes
    SHA-256: 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1