Malicious PDF — malware analysis report

Static analysis result for SHA-256 dbb55328bafc16fd…

MALICIOUS

PDF

Size: 38.4 KB
Authoring application: pstoedit
First seen: 2021-03-31
MD5: e83e61c33c175fee292e786a3ae44f23
SHA-1: 823773fe60af5a09a914856e1d32ca4e48dbe408
SHA-256: dbb55328bafc16fd7c6f543cf87abfa03a767263335321a6e04d8f9b73c04809
Risk Score: 152

Machine Learning

  • Nyx PDF Classifier: malicious (score 1.0000)

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. All extracted URLs in this sample were found in PDF document text.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001584.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x1584
Size: 9104 bytes
SHA-256: 3627ed023779270c4f7213b61110802d2dddf08fff5588bda87f90ee6d7928c8