Malicious PDF — malware analysis report

Static analysis result for SHA-256 ccd65ad24b298432…

MALICIOUS

PDF

File size: 40.5 KB
Authoring application: ImageMagick
First seen: 2022-07-02
MD5: e27cced17deaab8d953ec133cf8e738e
SHA-1: 739b0380fcf36fdb4f4114c31987a37f034b6b5c
SHA-256: ccd65ad24b2984324248f0ed043ab2702cf4ad1bdbcb07a4cfd7e7b1f555910d
Risk Score: 152

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (severity: critical, ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000404a.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x404A
    Size: 8532 bytes
    SHA-256: 3a889fc69d5119c175edf557faad63bf34e0e56cdf54c84e0fe7c0b0bfc047ee