Malicious PDF — malware analysis report

Static analysis result for SHA-256 b5bdf9b27bc06702…

MALICIOUS

PDF

Size: 74.9 KB
Created: 2021-03-12 17:48:39 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 11155519e938c52164cd4f665b2c58aa
SHA-1: 72e9632984759fd2db2e1c33b64e33ecdd0ad8b2
SHA-256: b5bdf9b27bc06702126090faf56915a094004c0c00dcea942879e109d71b3ad4
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (5)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete info CLAMAV_SCAN_INCOMPLETE
    ClamAV scan on this file did not complete (ClamAV error (exit 2)); the verdict reflects only static heuristics. The result is not cached so a later submission will retry the scan.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://mezovuduw.ru/award?keyword=english+b1+reading+comprehension+pdf
    • http://waystep.site/aileron_heavy_font_freea938h.pdf
    • https://cdn-cms.f-static.net/uploads/4490251/normal_600be6b14fb90.pdf
    • http://dorightpress.com/shotgun_sound_download5qn1n.pdf
    • https://kawuruli.weebly.com/uploads/1/3/0/8/130814241/bujeridivowati.pdf
    • http://repochka.site/622973115036upt0.pdf
    • https://cdn-cms.f-static.net/uploads/4490720/normal_6048c55d5f437.pdf
    • https://cdn-cms.f-static.net/uploads/4485435/normal_5fe9c40aed51d.pdf
    • http://vibijinit.scienceontheweb.net/dawes_rolls_year.pdf
    • https://cdn-cms.f-static.net/uploads/4374708/normal_600f86d0e08d7.pdf
    • http://copyrighthelpcentral.com/19077642877lum67.pdf
    • https://tujobofawoti.weebly.com/uploads/1/3/2/6/132695409/zufapizugidipi.pdf
    • https://static.s123-cdn-static.com/uploads/4426279/normal_5feb713a819a3.pdf
    • https://rejobasagiletez.weebly.com/uploads/1/3/4/6/134642313/tomisebagagep-xivobawipovek-roxozamibosapus-gogipukun.pdf
    • https://cdn-cms.f-static.net/uploads/4475204/normal_600b706f6b80c.pdf
    • https://cdn-cms.f-static.net/uploads/4476427/normal_5fe675e8535e3.pdf
    • https://cdn-cms.f-static.net/uploads/4463272/normal_6011353d81e4a.pdf
    • https://static.s123-cdn-static.com/uploads/4493867/normal_5fcdd8dda7983.pdf
    • http://nakekizedexu.getenjoyment.net/sportline_4065_watch_manual.pdf
    • https://gepadagonuvo.weebly.com/uploads/1/3/0/7/130775626/6292163.pdf
    • https://mizojomi.weebly.com/uploads/1/3/0/9/130969452/pifitolugupepetege.pdf
    • http://natlab.ru/77622493703k0oa5.pdf
    • http://tikomiwewo.atwebpages.com/wonizajokimujusisipalif.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/