Malicious PDF — malware analysis report

Static analysis result for SHA-256 7d064ab472da973c…

MALICIOUS

PDF

Size: 80.3 KB
Created: 2021-03-22 10:11:33 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2026-06-04
MD5: 0ff1e61f8ca4c301eb2d020e5a4133b1
SHA-1: baa458c82a41b27638a3747be32f1787e538faa3
SHA-256: 7d064ab472da973c5b84060a654118b0388c1eae4ef9a224b1d7319a34ed885a
Risk Score: 76

Machine Learning

  • Nyx PDF Classifier malicious score 0.9994

Heuristics 4

  • Image lure linking to an SEO redirector (free-download phishing) | severity: high | rule: PDF_SEO_UTM_REDIRECTOR_LINK
    PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
  • External URI | severity: info | rule: PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies | severity: info | rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL | severity: info | rule: EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://pelibifir.ru/award?keyword=ecotourism+and+biodiversity+conservation+pdf PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0000fc12.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC12 | 5528 bytes
  SHA-256: a5df5ef6e06bb5b881cecbea1a9aff094b79f3e01396f653076bfd590a1cd7da
font_01_sfnt_off00010ed1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10ED1 | 10944 bytes
  SHA-256: fd6a2f606c8838769443df116a1026bc45229941b8a0700145b3da8a5b2de8fd