Malicious PDF — malware analysis report

Static analysis result for SHA-256 82a631045cf500a1…

MALICIOUS

PDF

Size: 35.3 KB
Authoring application: Solid Converter PDF
MD5: 2d24f4e669bbe2f42fe4f2f7b65fda08
SHA-1: 6a644ae080c25329e2bb4a7e4f31f5fd85372cf2
SHA-256: 82a631045cf500a1bd88086d5b12cc11cbc7e9f428a90cc207a195350befa381
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample is identified as malicious by multiple heuristics, including a critical PDF_SEO_LINK_FARM rule indicating a large number of external PDF links. The document body, though partially corrupted, contains text related to bursary applications and embeds numerous URLs pointing to other PDF files. This suggests a phishing or social engineering attack aimed at directing users to download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00002e92.bin
    09fe3b3dc07ef948c7a782d1034b0de7020760cd7e8d025a7aa1323ac6033e03
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x2E92
    Size: 7432 bytes