Malicious PDF — malware analysis report

Static analysis result for SHA-256 f40785d92517091b…

Verdict: MALICIOUS
File type: PDF
Size: 108.4 KB
Created: 2021-03-21 03:08:43 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 46b1ef15068f9d660aaed723dbacdc83
SHA-1: d50747296de0879e12f758b4ef8c3733ad653991
SHA-256: f40785d92517091b61fbb2bfebef712cc157b66e9861b54ca548f61fd8fea1d5
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The file contains a large number of external links, suggesting it is part of a link farm or phishing campaign. The embedded URLs, such as 'https://botokaw.ru/aws?utm_term=sony+sa+w2500+manual', are likely used to redirect users to malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9312

Heuristics (4)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/aws?utm_term=sony+sa+w2500+manual