Malicious PDF — malware analysis report

Static analysis result for SHA-256 c825486d9171525f…

Verdict: MALICIOUS

File type: PDF

Size: 91.1 KB
Created: 2021-05-27 07:42:42 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 1186103d5265b53e6602d6bc194cb2cc
SHA-1: 925792b611213665d85c07664383fb8b96873f0b
SHA-256: c825486d9171525f188c472e0f4e2406040ee9d4471d4c7f5e7c6a6c334b2b0f

Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete [info] CLAMAV_SCAN_INCOMPLETE
    ClamAV scan on this file did not complete (ClamAV error, exit 2); the verdict reflects only static heuristics. The result is not cached, so a later submission will retry the scan.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.