Malicious PDF — malware analysis report

Static analysis result for SHA-256 95d755508218a038…

MALICIOUS

PDF

Size: 81.0 KB
Created: 2021-03-29 22:35:54 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0ffe86fafcd73db31ad6211c35634dca
SHA-1: ef543c10edff0c30dd80e10ada6a49b9f116b6bd
SHA-256: 95d755508218a038f5d7a92e16b35b10abd3b432cf27248fb9114920998e197b
Risk Score: 78

Machine Learning

  • Nyx PDF Classifier malicious score 0.9992

Heuristics 5

  • Browser extension / update installation lure [high] (SE_BROWSER_INSTALL_LURE)
    Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
  • External URI [info] (PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies [info] (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete [info] (CLAMAV_SCAN_INCOMPLETE)
    ClamAV scan on this file did not complete (ClamAV error (exit 2)); the verdict reflects only static heuristics. The result is not cached so a later submission will retry the scan.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://bologen.ru/award?keyword=cd+action+pdf+download