Malicious PDF — malware analysis report

Static analysis result for SHA-256 f78d033c832fa380…

Verdict: MALICIOUS
File type: PDF
Size: 50.1 KB
Authoring application: PDFedit
MD5: 4be720f832910c5013eaba802b055ca8
SHA-1: 2cf874a703a92387b93a3768b500c4b05d83551c
SHA-256: f78d033c832fa38022625318d2bf670126aad6f729ae7b5f844644c9e8083e4a
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of external links, flagged by the PDF_SEO_LINK_FARM heuristic, that point to other PDFs. This is a common technique for distributing phishing content or redirecting users to malware download sites. The ClamAV detection further confirms the malicious verdict. The embedded URLs are the primary indicators of compromise and suggest a link farm used for SEO poisoning or traffic redirection.

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://lsgreenclean.com/uploads/1/3/0/6/130604772/425624.pdf
    • http://survivingmentalhealth.com/uploads/1/3/0/7/130738741/jowepatuwan_nemidinujanaj_nufotegupejo_wedasenitajo.pdf
    • http://sillycibin.com/uploads/1/3/0/4/130488626/db5f81feab217.pdf
    • http://hillingdonmotors.com/uploads/1/3/0/7/130775211/6455890.pdf
    • http://tachyonreport.com/uploads/1/3/0/7/130738714/fa8734.pdf
    • http://wojimbo.com/uploads/1/3/0/5/130540072/e5fbd8795eb.pdf
    • http://getyageekon.com/uploads/1/3/0/7/130775607/bobitanutuvazezag.pdf
    • http://artisanalbooty.com/uploads/1/3/0/5/130543006/vevawipixiniloxep.pdf
    • http://commercialleasenegotiation.net/uploads/1/3/0/3/130379311/rilelulerimirizud.pdf
    • http://sparkmediasf.com/uploads/1/3/0/4/130488282/gapepugefopu_jejilom_gawunuxidik_losobojixumol.pdf
    • http://vaccin8apparel.com/uploads/1/3/0/6/130639177/kududajebuxi_vudofuwamelefax_tumozujet.pdf
    • http://craftedbykerri.com/uploads/1/3/0/5/130550961/b93f3c80.pdf
    • http://diskyoto.jp/uploads/1/3/0/5/130588997/7035939.pdf
    • http://crhardscape.com/uploads/1/3/0/6/130620927/bigosuf.pdf
    • http://hbcwetaskiwin.com/uploads/1/3/0/3/130323527/jutivazuxijufotaw.pdf
    • http://uwhqsc.org/uploads/1/3/0/6/130605430/razuwozanunebudosiwu.pdf
    • http://www.justsweetlovela.com/uploads/1/3/0/6/130605036/paratugezatexa.pdf
    • http://msusnackbox.com/uploads/1/3/0/2/130288722/segevizojevojojebo.pdf
    • http://mini-infotech.com/uploads/1/3/0/3/130379447/991531.pdf
    • http://coldstreamsweetsandtreats.com/uploads/1/3/0/6/130620313/8cf90d512bc75.pdf
    • http://conquermarketing.org/uploads/1/3/0/4/130476276/mibixelapimoxavumev.pdf
    • http://chloedaniellewhite.com/uploads/1/3/0/6/130639863/8630475.pdf
    • http://wehelphomes.com/uploads/1/3/0/6/130640027/7183851.pdf
    • http://tradingblockadvisors.com/uploads/1/3/0/3/130313230/pudapukajoko_kafopikapiziki.pdf
    • http://liluscott.com/uploads/1/3/0/7/130776253/130776253.html#gre+word+list+audio

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | SHA-256 | Kind | Source | Size
font_00_sfnt_off0000478e.bin | 1d1fa5121415f8f5353993473374918b9d2a38f433752094af4cce5d3be72c8c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x478E | 16312 bytes
font_01_sfnt_off0000602b.bin | 39052242431fefdc3067e8752687597e6f5615dc322a65deb08164145da81ce0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x602B | 8204 bytes