Malicious PDF — malware analysis report

Static analysis result for SHA-256 b54deaa0fd2f1f2c…

Verdict: MALICIOUS
File type: PDF
Size: 35.1 KB
Created: 2020-04-16 11:21:18 +03:00
Authoring application: wkhtmltopdf 0.12.1.4 (via Qt 4.8.6)
MD5: 71d52890844b832fa1981043d94657b4
SHA-1: 18af45158406b906c0f77bfc88e2b81df643e465
SHA-256: b54deaa0fd2f1f2c38bf123630c34ecdb8ee70c14aba19535d14ead169e0714c
Risk score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains numerous external links, identified by the PDF_SEO_LINK_FARM heuristic, which are indicative of a link farm or phishing campaign. The document body, though partially corrupted, suggests a lure related to a '2015 chevrolet malibu service manual'. The embedded links point to various domains, likely serving as landing pages for malicious content or phishing attempts. No scripts were extracted from this sample.

Heuristics (3)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] PDF_URI: External URI
    PDF contains an external URL action.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000629e.bin
SHA-256: 47ec56164162817e26407ae3655d83b95d43a50fb6b922f9699553b5faab169e
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x629E
Size: 7720 bytes