Malicious PDF — malware analysis report

Static analysis result for SHA-256 b2b9106f87bf321a…

MALICIOUS

PDF

Size: 15.2 KB
Created: 2020-10-01 19:48:47 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-01-23
MD5: 62b0bc89a40b7d376c50b97887134a04
SHA-1: 22805ba62fa76726c7bc299f9ec498c9533a51e4
SHA-256: b2b9106f87bf321a09166a9de7cd85f2a523292e61b61afe7cde09005090c37e
Risk Score: 122

Machine Learning

  • Nyx PDF Classifier malicious score 0.9942

Heuristics (3)

  • PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF is a non-clustered link farm on disposable hosting (severity: medium, rule: PDF_SEO_DISPOSABLE_LINK_FARM)
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • Embedded URL info (rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.