Malicious PDF — malware analysis report

Static analysis result for SHA-256 bfa523d464d585de…

MALICIOUS

PDF

Size: 39.3 KB
Authoring application: Serif PagePlus
First seen: 2022-06-20
MD5: f71c8e4b207b6fc7739c5f89670be11c
SHA-1: e741da743db52457caece214ce9bd62c8edcd436
SHA-256: bfa523d464d585dee2ef4826ce407989afb7a2a599549a81f303163b5406f046
Risk Score: 160

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 4

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001845.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x1845
Size: 9352 bytes
SHA-256: 7d2cec9559db88a511534c371fe2407884428d0d54941b379c88fa7b3c764f29