Malicious PDF — malware analysis report

Static analysis result for SHA-256 89a34709b73d0a9c…

MALICIOUS

PDF

Size: 40.8 KB
Authoring application: Soda PDF
First seen: 2021-04-10
MD5: 69979f6782d0dc29ff13921652a6cb10
SHA-1: 1166d54b0e495cd9838f78f045338d206c2ab566
SHA-256: 89a34709b73d0a9c589d4888b7d4f75058222c16b37771907009a8a5aeb663b7
Risk Score: 152

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000181a.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x181A
Size: 8500 bytes
SHA-256: 6ed19b2bc432609800a3d6e2532cb3c84c9fa99c0817fb8f539f30eb47a0ac3a