Malicious PDF — malware analysis report

Static analysis result for SHA-256 9d3463adfef6fe85…

MALICIOUS

PDF

Size: 54.2 KB
Authoring application: Solid Converter PDF
MD5: 2ac2fb1507d91affaa6851e55f640fab
SHA-1: 2d159e3868e9573cfd2712e48762cb4e0f1b0c31
SHA-256: 9d3463adfef6fe857f087f8bfbbc37d5aa24c6180e8ad0e2944f65c12a9d8289
Risk Score: 152

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the ML classifier output strongly indicate malicious intent. The document body, while partially corrupted, mentions 'Project on acid rain pdf' and includes several URLs, reinforcing the link farm hypothesis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://wakeupproductions.net/uploads/1/3/0/2/130291575/781f54.pdf
    • http://shopluckybamboo.com/uploads/1/3/0/5/130588407/kotoribozad-kefajavuge-mowirevopejelo-lomime.pdf
    • http://gemalchemist.com/uploads/1/3/0/5/130540567/98a53.pdf
    • http://deep-blue-seafood.com/uploads/1/3/0/6/130621734/medabapa_zitetolez.pdf
    • http://allamericandogexpo.com/uploads/1/3/0/2/130289226/130289226.html#project+on+acid+rain+pdf

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000107d.bin
  SHA-256: 824cfb7c7441a556f47cf30aaf5f2d48b65b9da32c1dea691a90870a4543325b
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x107D
  Size: 8336 bytes

Filename: font_01_sfnt_off00008f3f.bin
  SHA-256: 779aa567746046747dac965df7fdfb06ff632674a0a99ce247a327bf89f0fa63
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x8F3F
  Size: 16036 bytes