Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8d1c7f422fa33fb…

Verdict: MALICIOUS
File type: PDF
Size: 48.5 KB
Authoring application: OpenOffice Draw
MD5: 215a02cc9072e1534e2e4b8a402083bd
SHA-1: 39498a20884936a4712ce20160cf3f1c39a89edb
SHA-256: c8d1c7f422fa33fb690399daeaf28b61c624dcaadbd7503f7065803440791eb9
Risk score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.001 User Execution: Malicious Link

The PDF was flagged by three heuristics, including a critical finding for a link farm of 31 external PDF links (18 of them listed below) and a critical ClamAV signature match. The ML classifier returned the maximum maliciousness score (1.0000). The embedded URLs all point to same-shaped upload paths on unrelated domains, which is consistent with an SEO/link-farm carrier used in a phishing or malware distribution campaign that lures users into downloading further malicious content. No scripts were extracted from this sample, so the file relies on the user clicking a link rather than on automatic execution.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://ready2startup.org/uploads/1/3/0/2/130289235/figeperasobowugajek.pdf
    • http://kitchensdoorsanddrawers.com/uploads/1/3/0/3/130313555/542278.pdf
    • http://theporterauthority.com/uploads/1/3/0/7/130776520/litujukufod_mujudavagaden_zomuruzigig_tixigolatelal.pdf
    • http://simplymagicaljewelry.com/uploads/1/3/0/4/130435500/narowodaxegubov.pdf
    • http://orangecongregationalchurchnurseryschool.com/uploads/1/3/0/6/130621867/kopupafikij.pdf
    • http://artfultemptress.com/uploads/1/3/0/4/130490786/gatugipuzag.pdf
    • http://flesherpoint.com/uploads/1/3/0/6/130603937/koduzuzixezowa_gumujavozaxiguz_vaxosan.pdf
    • http://dematic-university.com/uploads/1/3/0/6/130603903/xorelotivasimenen.pdf
    • http://ekki.co/uploads/1/3/0/2/130289410/segop-murubikugew-fovulus.pdf
    • http://fiafw.com/uploads/1/3/0/4/130479008/xusidam.pdf
    • http://storewolf.com/uploads/1/3/0/6/130639197/8d10a34d4b64.pdf
    • http://babywhoopsie.com/uploads/1/3/0/4/130483963/kaxepu_mubasije_kutotaxedaso_zosulez.pdf
    • http://jackies-graphics.com/uploads/1/3/0/6/130604836/zerujaxuruved-miponepesusezo-pelisi-boxax.pdf
    • http://academiaformacaoalmaviva.com/uploads/1/3/0/3/130324167/6195671.pdf
    • http://maskcarabeautycolormatch.com/uploads/1/3/0/5/130590383/8457884.pdf
    • http://achampionpurpose.com/uploads/1/3/0/4/130476598/jufag.pdf
    • http://jetslyfeinc.com/uploads/1/3/0/3/130313102/f0316.pdf
    • http://45t34.slpny.com/uploads/1/3/0/6/130603932/130603932.html#menurut+kbbi+kata+globalisasi+berarti
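How a rule like PDF_SEO_LINK_FARM can be reproduced, as an added example that is not the scanner's own code: it constructs a small PDF with one /Link annotation per URL (constructed targets under .invalid, not the report's URLs), extracts every /URI action from the raw bytes, and scores the file on size, number of external .pdf targets and how concentrated those targets are. The host-clustering rule in the heuristic text is extended here with a path-template check, because the URLs listed above sit on many different hosts but share one /uploads/#/#/#/#/# path shape. The thresholds (100 KB, 10 links, 50 % concentration), the regexes and the function names are assumptions.

```python
"""Link-farm heuristic for small PDFs (added example; not the scanner's own rule)."""
import posixpath
import re
from collections import Counter
from urllib.parse import urlparse

# /URI actions as they appear in uncompressed link annotations:
#   /A << /S /URI /URI (http://host/path.pdf) >>
# Annotations inside compressed object streams are invisible to this raw scan.
URI_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")
LINK_ANNOT_RE = re.compile(rb"/Subtype\s*/Link")
JS_RE = re.compile(rb"/S\s*/JavaScript|/JS\s*[(<]")  # script channels, recorded for context


def build_sample_pdf(urls):
    """Construct a minimal one-page PDF whose only content is one /Link annotation
    per URL. Constructed test data, not a real sample."""
    objs = [b"<< /Type /Catalog /Pages 2 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>"]
    annot_refs = b" ".join(b"%d 0 R" % (4 + i) for i in range(len(urls)))
    objs.append(b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ["
                + annot_refs + b"] >>")
    for u in urls:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
                    b"/A << /S /URI /URI (" + u.encode() + b") >> >>")
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return bytes(out)


def extract_uris(pdf_bytes):
    """All /URI action targets found in the raw file, decoded as latin-1."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf_bytes)]


def path_template(url):
    """Directory part of the path with digit runs collapsed, so
    /uploads/1/3/0/2/130289235/a.pdf and /uploads/1/3/0/7/130776520/b.pdf share a bucket."""
    return re.sub(r"\d+", "#", posixpath.dirname(urlparse(url).path))


def top_share(values):
    """(most common value, its share of all values); ('', 0.0) when empty."""
    counts = Counter(values)
    if not counts:
        return "", 0.0
    key, n = counts.most_common(1)[0]
    return key, n / sum(counts.values())


def link_farm_score(pdf_bytes, max_size=100 * 1024, min_pdf_links=10, cluster_ratio=0.5):
    """Apply the link-farm rule: small file, many external .pdf targets, and the
    targets concentrated on one host OR one path template. Thresholds are assumptions."""
    uris = extract_uris(pdf_bytes)
    external = [u for u in uris if urlparse(u).scheme in ("http", "https")]
    pdf_links = [u for u in external if urlparse(u).path.lower().endswith(".pdf")]
    host, host_share = top_share(urlparse(u).hostname or "" for u in pdf_links)
    tmpl, tmpl_share = top_share(path_template(u) for u in pdf_links)
    flagged = (len(pdf_bytes) <= max_size
               and len(pdf_links) >= min_pdf_links
               and max(host_share, tmpl_share) >= cluster_ratio)
    return {"size": len(pdf_bytes),
            "link_annotations": len(LINK_ANNOT_RE.findall(pdf_bytes)),
            "external_links": len(external),
            "pdf_links": len(pdf_links),
            "top_host": host, "top_host_share": round(host_share, 2),
            "top_path_template": tmpl, "top_template_share": round(tmpl_share, 2),
            "has_script": bool(JS_RE.search(pdf_bytes)),
            "flagged": flagged}


# Constructed targets mimicking the report's pattern: many hosts, one path template.
FARM_URLS = ["http://site%02d.invalid/uploads/1/3/0/%d/13028%04d/%s.pdf" % (i, i % 9, i, "x" * (i + 3))
             for i in range(12)]
# Constructed benign citation pattern: a couple of links to one site, one of them a PDF.
BENIGN_URLS = ["https://example.org/about", "https://example.org/docs/manual.pdf", "mailto:info@example.org"]

if __name__ == "__main__":
    for name, urls in (("farm", FARM_URLS), ("benign", BENIGN_URLS)):
        print(name, link_farm_score(build_sample_pdf(urls)))
```

The constructed farm sample is flagged purely on the path-template concentration (every target sits on a different host), while the benign sample has too few PDF targets to qualify; a real scanner would also need to handle /URI strings in hex form and annotations stored in compressed object streams.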

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00005fbf.bin
SHA-256: 3c60fbdececb9092f24cc6d67333b846fa46ec417711ba713ea57fef311c5d24
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x5FBF
Size: 8376 bytes
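Carving an artifact like the one above, as an added example that is not the report tool's carver: it walks the stream objects of a constructed PDF fragment, inflates FlateDecode streams, keeps every payload that starts with an sfnt magic, and parses the table directory so that an out-of-bounds table record (a malformed font) is visible before the blob is handed to a real font parser. The output filename format mirrors the report's artifact name; the sample font with its deliberately bogus glyf length, the regexes and the function names are assumptions, and nested stream dictionaries and non-Flate filters are out of scope.

```python
"""Carve embedded sfnt fonts from PDF streams and sanity-check their table
directory (added example; not the report tool's own carver)."""
import re
import struct
import zlib

# sfnt container signatures: TrueType, Apple TrueType, OpenType/CFF, TrueType collection.
SFNT_MAGICS = {b"\x00\x01\x00\x00": "TrueType", b"true": "TrueType",
               b"OTTO": "OpenType/CFF", b"ttcf": "TrueType collection"}

# One stream object: "N G obj << dict >> stream\n". The dictionary match stops at the
# first ">>", so nested dictionaries (e.g. /DecodeParms << ... >>) are not handled here.
STREAM_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*<<((?:(?!>>).)*)>>\s*stream\r?\n", re.DOTALL)
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")  # direct /Length only, not "N 0 R"


def parse_sfnt(data):
    """Table-directory summary for an sfnt blob, or None if the magic does not match."""
    kind = SFNT_MAGICS.get(data[:4])
    if kind is None or len(data) < 12:
        return None
    num_tables = struct.unpack(">H", data[4:6])[0]
    tables = []
    for i in range(num_tables):
        rec = data[12 + 16 * i: 28 + 16 * i]
        if len(rec) < 16:  # directory claims more records than the blob holds
            return {"kind": kind, "num_tables": num_tables, "tables": tables,
                    "error": "table directory truncated"}
        tag, _checksum, off, length = struct.unpack(">4sIII", rec)
        tables.append({"tag": tag.decode("latin-1"), "offset": off, "length": length,
                       "in_bounds": off + length <= len(data)})
    return {"kind": kind, "num_tables": num_tables, "tables": tables, "error": None}


def carve_sfnt_fonts(pdf_bytes):
    """Return one record per stream whose (decoded) payload begins with an sfnt magic."""
    found = []
    for m in STREAM_RE.finditer(pdf_bytes):
        obj_num, dictionary, start = int(m.group(1)), m.group(3), m.end()
        lm = LENGTH_RE.search(dictionary)
        if lm:
            raw = pdf_bytes[start:start + int(lm.group(1))]
        else:  # indirect /Length: fall back to the endstream keyword, minus one EOL
            end = pdf_bytes.find(b"endstream", start)
            raw = pdf_bytes[start:end if end != -1 else len(pdf_bytes)]
            raw = raw[:-2] if raw.endswith(b"\r\n") else raw[:-1] if raw.endswith(b"\n") else raw
        if b"/FlateDecode" in dictionary:
            try:
                raw = zlib.decompress(raw)
            except zlib.error:
                continue
        elif b"/Filter" in dictionary:
            continue  # other filters (LZW, DCT, ...) are not handled in this example
        info = parse_sfnt(raw)
        if info is None:
            continue
        found.append({"object": obj_num, "offset": start, "size": len(raw),
                      "filename": "font_%02d_sfnt_off%08x.bin" % (len(found), start), **info})
    return found


def build_sample_font(bogus_glyf_len=100000):
    """Constructed TrueType sfnt with two tables; 'glyf' claims a length past the blob end."""
    head_data = b"\x00\x01\x00\x00\x00\x00\x00\x00"
    glyf_data = b"\x00\x00\x00\x00"
    dir_end = 12 + 16 * 2
    header = b"\x00\x01\x00\x00" + struct.pack(">HHHH", 2, 32, 1, 0)  # numTables, searchRange, entrySelector, rangeShift
    directory = struct.pack(">4sIII", b"head", 0, dir_end, len(head_data))
    directory += struct.pack(">4sIII", b"glyf", 0, dir_end + len(head_data), bogus_glyf_len)
    return header + directory + head_data + glyf_data


def build_sample_pdf():
    """Constructed PDF fragment: one raw font stream, one Flate-compressed font stream,
    one unrelated stream. Not a complete PDF (no xref), which the raw scan does not need."""
    font = build_sample_font()
    packed = zlib.compress(font)
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
            + b"2 0 obj\n<< /Length " + str(len(font)).encode() + b" /Length1 "
            + str(len(font)).encode() + b" >>\nstream\n" + font + b"\nendstream\nendobj\n"
            + b"3 0 obj\n<< /Length " + str(len(packed)).encode()
            + b" /Filter /FlateDecode >>\nstream\n" + packed + b"\nendstream\nendobj\n"
            + b"4 0 obj\n<< /Length 5 >>\nstream\nhello\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for art in carve_sfnt_fonts(build_sample_pdf()):
        print(art["filename"], art["kind"], art["size"], "bytes, tables:",
              [(t["tag"], t["in_bounds"]) for t in art["tables"]])
```

Both constructed font streams are recovered with identical payloads, and the second directory record is reported as out of bounds; that kind of inconsistency is worth recording in the report before the carved file is opened by any font engine.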