Malicious PDF — malware analysis report

Static analysis result for SHA-256 8d5f2a9fc1385d81…

MALICIOUS

PDF

41.8 KB Authoring application: LibreOffice Draw
MD5: 73573a3e9bdd0636786920e2e98512a1 SHA-1: 76630c71b8a636b49ad934e1f7f4d28feedd3757 SHA-256: 8d5f2a9fc1385d81bab12ebc6905ecf8a7d0905b52303a5cd2e88755f021ce43
120 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to other PDF files hosted on various domains. This behavior is indicative of a link farm designed to distribute malicious content or engage in SEO poisoning. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports the malicious nature of this file, suggesting it is part of a phishing or traffic redirection scheme.

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://inboundtrain.net/uploads/1/3/0/6/130622011/ropigutofi.pdf
    • http://integratedvaluation.org/uploads/1/3/0/6/130621102/xanevimu.pdf
    • http://rorybledsoe.com/uploads/1/3/0/5/130550825/3b6ad69b.pdf
    • http://argamaprints.com/uploads/1/3/0/5/130541065/zajedezefikokoj.pdf
    • http://clarender.com/uploads/1/3/0/4/130483733/litopajokodiw.pdf
    • http://atlanticseasaltcompany.com/uploads/1/3/0/5/130546237/7b1fb.pdf
    • http://adoptme.info/uploads/1/3/0/8/130874260/130874260.html#strategies+to+improve+critical+reading+skills

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off000010b6.bin
63ac82e79cea9f4d6a68ef329f7e5e299fa4600904fceca0bc77dbda5936c844		 pdf-font-stream PDF embedded font (sfnt) at offset 0x10B6 8180 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.