Malicious PDF — malware analysis report

Static analysis result for SHA-256 813ab570d07e2119…

MALICIOUS

PDF

Size: 49.5 KB
Authoring application: pstoedit
First seen: 2020-12-25
MD5: 11b58f5c67b46cb77aaad6cc9c05014c
SHA-1: 300af6d8de3ef17ffd2ffa5029ef4e3f6c1df0cc
SHA-256: 813ab570d07e2119263c95ac47d220fcf8f338c3a371248223172a75f513fc55
Risk Score: 152

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001069.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x1069
Size: 8776 bytes
SHA-256: 3cb3a9e8362821f4b56d21a03953cb4565eada6866169f12f3a31a87021bc813