Malicious PDF — malware analysis report

Static analysis result for SHA-256 ce957fac70d59a42…

MALICIOUS

PDF

Size: 63.5 KB
Created: 2021-05-13 06:41:26 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 20bc1f804ac2e290d3b08b2652f59d99
SHA-1: 29f8c04c3084f151d5e9569a10cbab763c49ae83
SHA-256: ce957fac70d59a4203796e5d1333dd42eb5c134fcd61c11441f73ec627687162
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The PDF contains a significant number of external links, identified as a link farm. The primary suspicious URL, 'https://druttle.ru/strik?utm_term=bontrager+300+cadence+sensor', suggests a potential phishing or malicious redirection attempt. While no scripts were extracted, the heuristic 'PDF_SEO_LINK_FARM' strongly indicates malicious intent related to link manipulation or hosting of further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6601

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF_URI (info): External URI
    PDF contains an external URL action.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://druttle.ru/strik?utm_term=bontrager+300+cadence+sensor