Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6de19165b03409b…

Verdict: MALICIOUS

File type: PDF

Size: 107.0 KB
Created: 2021-04-01 07:19:59 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 120fd745802d5736c080a9de59df54df
SHA-1: 73e2eddb2719d6d627fc769648db206f57797a42
SHA-256: b6de19165b03409bd2d28fb9dd3f92c63af90677f0160878e1f8d78e7658a74c
Risk score: 98

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9995

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    A small PDF contains many clickable external links to other PDFs, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers that route users into malicious or unwanted-software delivery chains; a normal document's citations do not cluster this way.
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (the same object number N and generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content; here it stays at info, so the differing bodies were not found to carry any.
  • ClamAV scan did not complete (info, CLAMAV_SCAN_INCOMPLETE)
    The ClamAV scan on this file did not complete (ClamAV error, exit 2); the verdict reflects only the static heuristics. The result is not cached, so a later submission will retry the scan.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted link targets:
    • https://botokaw.ru/award?keyword=malayalam+kavitha+aswamedham+lyrics+pdf
    • https://dibegojiziwezed.weebly.com/uploads/1/3/0/7/130739363/8292888.pdf
    • https://cdn-cms.f-static.net/uploads/4366028/normal_5fd0c06c53155.pdf
    • https://cdn-cms.f-static.net/uploads/4379474/normal_604d31ba336c3.pdf
    • https://kewegiru.weebly.com/uploads/1/3/1/4/131438086/sevodig-gubanarewire.pdf
    • https://static.s123-cdn-static.com/uploads/4481423/normal_6000e6afb8cc5.pdf
    • http://bizifemodefi.mygamesonline.org/11620298740.pdf
    • https://cdn-cms.f-static.net/uploads/4446280/normal_600a1f270a1c1.pdf
    • https://static.s123-cdn-static.com/uploads/4471249/normal_5fca5ad0b9dd7.pdf
    • https://uploads.strikinglycdn.com/files/223735e4-3f0b-4869-af77-dea7d87afa5f/sony_dav-tz140_price_in_kenya.pdf
    • http://gosaduzunake.myartsonline.com/65865733500.pdf
    • https://uploads.strikinglycdn.com/files/78ff2089-f2cd-49a3-b113-c5f949639789/33529667814.pdf
    • http://kajilurugo.rf.gd/15036892836.pdf
    • https://4adff18d-dc39-4349-be2c-eeb12737f1cb.filesusr.com/ugd/9117e0_16fe1d5f3048494e89915cc52c1f1b86.pdf?index=true
    • https://656adf98-7a81-40bd-8d0f-2b9c27d09201.filesusr.com/ugd/268ab1_c1e17e4c6dac4a3094ae862bdaa04f93.pdf?index=true
    • https://f98f40d2-b649-4e6b-99af-b89bbf2331ff.filesusr.com/ugd/724bd4_9f7ac955785e4aab8a2492ce7e3700fd.pdf?index=true
    • https://e0271a52-a7af-48e9-8a99-924ce320ec62.filesusr.com/ugd/be5703_4c17f148fc114073a7c00dcb5c306c4c.pdf?index=true
    • http://jurizamumi.myartsonline.com/flat_belly_diet_menu.pdf
    • https://uploads.strikinglycdn.com/files/8e7187ae-675b-43d0-a014-10d4edfd139b/9766568645.pdf
    • http://vivemowirarok.rf.gd/wigezesekovajorifufem.pdf
    XMP metadata namespace URIs (schema identifiers from the document's XMP metadata, not link targets):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
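As an added example (not part of this report and not the scanner's own code), the Python below reproduces the two parser-level checks the PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristics describe: counting external .pdf link targets and how strongly they cluster on one host, and finding an object number that is defined twice with different bodies across an incremental update, reporting the first-wins and last-wins bodies and escalating only when the duplicate carries active content. The sample PDF, the thresholds, and the list of active-content keys are constructed assumptions; the walk over "obj ... endobj" pairs deliberately ignores xref tables, which is why it sees both definitions where an xref-following reader would see only the last.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample (not the analysed file): a one-page PDF whose link annotations
# point at external .pdf targets, mostly on one host, followed by an incremental update
# that redefines object 4 with an added /OpenAction. No xref tables are written; the
# scanner below walks "N G obj ... endobj" pairs in file order and does not need them.
def build_sample_pdf(links, update_body):
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        b"4 0 obj << /Producer (constructed sample) >> endobj",
    ]
    refs = []
    for num, url in enumerate(links, start=5):
        refs.append(b"%d 0 R" % num)
        objs.append(b"%d 0 obj << /Type /Annot /Subtype /Link "
                    b"/A << /S /URI /URI (%s) >> >> endobj" % (num, url.encode()))
    objs.insert(2, b"3 0 obj << /Type /Page /Parent 2 0 R /Annots ["
                   + b" ".join(refs) + b"] >> endobj")
    original = b"%PDF-1.4\n" + b"\n".join(objs) + b"\ntrailer << /Root 1 0 R /Info 4 0 R >>\n%%EOF\n"
    update = (b"4 0 obj " + update_body + b" endobj\n"
              b"trailer << /Root 1 0 R /Info 4 0 R /Prev 0 >>\n%%EOF\n")
    return original + update

SAMPLE_LINKS = [f"https://cdn.example.net/uploads/{i}/normal_{i:04x}.pdf" for i in range(8)] + [
    "http://other.example.org/12345.pdf?index=true",   # query string: the path still ends in .pdf
    "https://mirror.example.org/files/guide.pdf",
]
SAMPLE_PDF = build_sample_pdf(
    SAMPLE_LINKS,
    b"<< /Producer (constructed sample) /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>",
)

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Literal-string form of a /URI action only; hex strings and escaped parentheses are not handled.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Assumed set of keys that turn a duplicate definition from "benign incremental update"
# into a finding worth raising (the real scanner's list is not on the page).
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA",
               b"/SubmitForm", b"/EmbeddedFile")

def iter_objects(data):
    """Yield (num, gen, body) for every indirect object definition, duplicates included."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3).strip()

def link_farm(data, max_size=256 * 1024, min_links=10, cluster_ratio=0.5):
    """PDF_SEO_LINK_FARM shape: small file, many external .pdf link targets, most on one host.
    The thresholds are assumptions for this example, not the scanner's."""
    uris = [u.decode("latin-1") for u in URI_RE.findall(data)]
    pdf_links = [u for u in uris
                 if urlparse(u).scheme in ("http", "https")
                 and urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).netloc for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(pdf_links) if pdf_links else 0.0
    return {
        "size": len(data), "pdf_links": len(pdf_links),
        "top_host": top_host, "top_host_share": share,
        "flagged": len(data) <= max_size and len(pdf_links) >= min_links and share >= cluster_ratio,
    }

def duplicate_objects(data):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL shape: one (num, gen) defined more than once with
    different bodies. A first-wins scanner sees defs[0]; a reader that follows the latest
    xref/trailer resolves defs[-1]. Severity is info unless some body carries active content."""
    bodies = {}
    for num, gen, body in iter_objects(data):
        bodies.setdefault((num, gen), []).append(body)
    findings = []
    for key, defs in bodies.items():
        if len(defs) > 1 and len(set(defs)) > 1:
            active = sorted({k.decode() for d in defs for k in ACTIVE_KEYS if k in d})
            findings.append({"obj": key, "first_wins": defs[0], "last_wins": defs[-1],
                             "active_keys": active, "severity": "high" if active else "info"})
    return findings

def analyse(data):
    return {"link_farm": link_farm(data), "duplicates": duplicate_objects(data)}

if __name__ == "__main__":
    import json
    print(json.dumps(analyse(SAMPLE_PDF), indent=2, default=str))
```

Run against a real file, the two functions are only a first pass: a production check would decode hex-string and escaped /URI values, resolve indirect references to the action dictionary, and compare the winning body from the last xref against the first-occurrence body rather than relying on file order alone.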