Malicious PDF — malware analysis report

Static analysis result for SHA-256 bd50d0b08bf03295…

MALICIOUS

PDF

Size: 87.1 KB
Created: 2021-03-14 23:24:22 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 10f6cde3acf9c05329ea5c21fe5843e0
SHA-1: 2462cafcec63d931fdf79a1660187c46e10a1d23
SHA-256: bd50d0b08bf03295277de9183e68aee3d70b9b4631f0c579c746d62b9929d726
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9993

Heuristics 5

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] (PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies [info] (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete [info] (CLAMAV_SCAN_INCOMPLETE)
    ClamAV scan on this file did not complete (ClamAV error (exit 2)); the verdict reflects only static heuristics. The result is not cached so a later submission will retry the scan.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.