Malicious PDF — malware analysis report

Static analysis result for SHA-256 f75ea6c6de792285…

MALICIOUS

PDF

Size: 77.6 KB
Created: 2021-03-29 23:03:24 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0e731e3a6827bb9a17fb10f384ebbfc2
SHA-1: 196f6f4acd05c6098c5b7b63d06e81bb26239e6e
SHA-256: f75ea6c6de792285efe4993c6f7f3d7dfb104acf5ea8c69594a9fa79318ec8d9
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Object number defined twice with different bodies [info] [PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete [info] [CLAMAV_SCAN_INCOMPLETE]
    ClamAV scan on this file did not complete (ClamAV error (exit 2)); the verdict reflects only static heuristics. The result is not cached so a later submission will retry the scan.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.