Malicious PDF — malware analysis report

Static analysis result for SHA-256 aed7a1c726bb5c5b…

MALICIOUS

PDF

55.1 KB
Authoring application: LibreOffice
MD5: 2ae46e8052e687f75876202ca7641898
SHA-1: 29482b9abc299ed97897351a3b3fecfc567fbb68
SHA-256: aed7a1c726bb5c5bdc89f25180c27af2a2a8952f84a10044391e0b9a06a723e2
Risk Score: 152

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF file was detected as malicious by ClamAV and an ML classifier, exhibiting characteristics of a link farm. The document contains numerous embedded URLs pointing to PDF files hosted on Weebly, suggesting a tactic to distribute content or manipulate search engine results. While no scripts were explicitly extracted, the PDF structure and embedded links are indicative of a phishing or content distribution scheme.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000012b5.bin
00274ab40232fbbd0ef3f91e6ff44fac7b8c49848f8ff36d5b1da6e03d61cabb
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x12B5
Size: 8460 bytes