Malicious PDF — malware analysis report

Static analysis result for SHA-256 f2759d3f323c1060…

MALICIOUS

PDF

Size: 34.6 KB
Authoring application: PDFedit
First seen: 2021-01-11
MD5: 07a7f759148c1b1323a77212d54d1a56
SHA-1: 7bbae646cea52357859bb146664d33a1a20d3881
SHA-256: f2759d3f323c10605ebaa11cd21514a25c58ceeaf241672ed557f7fee8300ff1
Risk Score: 152

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000015ab.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x15AB
Size: 7908 bytes
SHA-256: e4a3e794654d6b36f3173aded40fbba70645ad3aa32f2b0cd02eeab6395d59a8