Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0a8d43222d23d33…

MALICIOUS

PDF

File size: 79.6 KB
Created: 2021-03-30 07:12:26 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 113bc7052602951a91a52881d896bd84
SHA-1: 71c3a6ece3be1c1b8dd8a1d160c274b423b37c0c
SHA-256: f0a8d43222d23d33ed70bbc70b2c5fe476de43bac564c6e1211b6453c70f9089
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete (severity: info, rule: CLAMAV_SCAN_INCOMPLETE)
    ClamAV scan on this file did not complete (ClamAV error (exit 2)); the verdict reflects only static heuristics. The result is not cached so a later submission will retry the scan.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.