Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8943dc9e00e3546…

MALICIOUS

PDF

Size: 75.4 KB
Created: 2021-03-24 22:41:29 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0ce163fe8755a9ef2b2795ec3b17a2be
SHA-1: a3642ae6f859d5683008f9bad761f0a57800c4ee
SHA-256: a8943dc9e00e35462f8bc6c7b311a23557ff8c01398d829b25fca5aab3675949
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9993

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info) PDF_URI
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info) PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete (info) CLAMAV_SCAN_INCOMPLETE
    ClamAV scan on this file did not complete (ClamAV error, exit 2); the verdict reflects only static heuristics. The result is not cached, so a later submission will retry the scan.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://dafemum.ru/123?utm_term=gy-+68+bmp180+datasheet
    • https://cdn-cms.f-static.net/uploads/4448547/normal_5fd6781f1a8a5.pdf
    • http://muzoc.xyz/wajenuwojixakibobatuxq30v3.pdf
    • http://arevakar-travel.com/jaguar_f_type_used_buying_guideywfm0.pdf
    • http://dragonflysagewellness.com/penetration_testing_with_kali_linuxpmd0o.pdf
    • https://cdn-cms.f-static.net/uploads/4382643/normal_604464dd2d29e.pdf
    • http://znatural.space/21981210768i6v34.pdf
    • https://static.s123-cdn-static.com/uploads/4477864/normal_6004dbb7d5fbf.pdf
    • https://cdn-cms.f-static.net/uploads/4370778/normal_60264ea0c0f38.pdf
    • https://s3.amazonaws.com/ladojenefe/37496338417.pdf
    • http://texaliborobiko.epizy.com/alaiye_sitralaye_full_audio_song.pdf
    • https://s3.amazonaws.com/nijosinizo/juwutoronuvidotisajava.pdf
    • https://311919ef-92bb-434b-a93e-382c1a5e2e65.filesusr.com/ugd/c893b4_0729e7e8ecbe4eca837dee9790adda6d.pdf?index=true
    • http://nadezuj.epizy.com/beautiful_baby_photo_hd.pdf
    • https://4c69d07c-928c-405f-a1ab-6436392658c4.filesusr.com/ugd/4c264d_a7a2f51a075344fd93ad87b4e09b5f1e.pdf?index=true
    • https://s3.amazonaws.com/zubuwujoxom/how_to_study_logarithm_table.pdf
    • https://b01ec662-dec5-4f54-b977-8708717d6054.filesusr.com/ugd/07e02c_14741055dd8545ffadc98c316c7288e8.pdf?index=true
    • https://s3.amazonaws.com/dewazewokib/arch_pacman_guide.pdf
    • https://s3.amazonaws.com/tosego/sat_printable_reading_comprehension_worksheets.pdf
    • https://s3.amazonaws.com/tokit/76080819270.pdf
    • https://d5cf7a15-73c9-49c9-ad57-d4f0303abb0c.filesusr.com/ugd/0d002d_b585105acaf849429dec99b00d268cc0.pdf?index=true
    • https://s3.amazonaws.com/bajuse/24849598009.pdf
    • http://ziwutaje.epizy.com/2005_bmw_x5_phone_manual.pdf
    • https://s3.amazonaws.com/fukepez/tegitofirag.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/