Malicious PDF — malware analysis report

Static analysis result for SHA-256 8704762699ae275b…

MALICIOUS

PDF

Size: 52.5 KB
Authoring application: QPDF
MD5: 672deb25df4fe31815554a06eebdd413
SHA-1: 03100a70c8179547af531f139e18aa7033112c70
SHA-256: 8704762699ae275b232a3af3ba8a9e9b6a54d836144feb1958985a3c28c8eb06
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, indicating a link farm or redirection scheme, as flagged by the PDF_SEO_LINK_FARM heuristic. The ML classifier and ClamAV detection strongly suggest malicious intent, likely related to phishing or malware distribution. No scripts were extracted, but the sheer volume of external links points to a coordinated effort to host or link to malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001160.bin
SHA-256: c06a3f3b5cc22fd92cfe3b323f6b2326454e1511ebcffca0c784cf040e86a7b3
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x1160
Size: 9144 bytes