Malicious PDF — malware analysis report

Static analysis result for SHA-256 cd9cf8e738e649e2…

MALICIOUS

PDF

Size: 131.7 KB
Created: 2022-07-05 16:17:20 +00:00
Authoring application: yarhedd (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: f3e2dc2d96f6206d60e691c7144ac040
SHA-1: ecb488aca0a8c03cdab5183a239fe64fe0cb2986
SHA-256: cd9cf8e738e649e29949af4b51d162070725882f33f5f65f2fd2cda9ee3ce1dc
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a significant number of external links, identified as a link farm. The primary URL, http://sitesworlds.com/barcelonas/..., appears to be a gateway for further malicious redirection or content delivery. The heuristic 'PDF_SEO_LINK_FARM' indicates a large number of generated links, suggesting an attempt to manipulate search engine results or distribute malware through a network of sites.

Machine Learning

  • Nyx PDF Classifier clean score 0.0216

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.