Malicious PDF — malware analysis report

Static analysis result for SHA-256 d4af9a838246c6ed…

MALICIOUS

PDF

Size: 23.5 KB
Created: 2020-04-30 04:06:16 +03:00
Authoring application: wkhtmltopdf 0.12.1.4 (via Qt 4.8.6)
MD5: b2aa44f1a29ef79738be979a4db22e71
SHA-1: 19abfd98cc40668d5fccee1f0fe0e58597faf083
SHA-256: d4af9a838246c6ede5a9a492be289dc35943069d4d6cd6383c5ea2dd21c12b0d
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains numerous external links, many pointing to similarly structured URLs on different domains, indicating a link farm or SEO spam tactic. The document body, though partially corrupted, suggests a lure related to 'logic exercises answers'. The ML classifier strongly flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9981

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://referral360network.com/uploads/1/3/0/3/130379231/130379231.html#the+categorical+syllogism+logic+exercises+answers