Malicious PDF — malware analysis report

Static analysis result for SHA-256 f7f753600f586db4…

MALICIOUS

PDF

Size: 39.3 KB
Authoring application: Solid Converter PDF
MD5: 6d9a43e04066315552f46e2aca428713
SHA-1: ca956873d144dc0e8d10d4f6fb9fae375018dd1a
SHA-256: f7f753600f586db452489931eddaa150f5049079c31418edf3cedf2b23d65a88
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, identified as a 'PDF_SEO_LINK_FARM' heuristic. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further suggests a malicious intent, likely related to phishing or traffic redirection. The embedded URLs point to various domains hosting PDF files, indicating a coordinated effort to distribute content or redirect users.

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL info [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://pezovedos.1331.wtf/uploads/2020/01/28/vejoduve.pdf
    • http://clintonstudio54.com/uploads/1/3/0/6/130621708/8a078d210d6418f.pdf
    • http://sharonthelibrarian.com/uploads/1/3/0/2/130289172/2113294.pdf
    • http://pelosophotography-yearbooks.com/uploads/1/3/0/2/130287284/8597045.pdf
    • http://phoneduke.com/uploads/1/3/0/5/130588419/kovuzawupi.pdf
    • http://smimarketingservices.com/uploads/1/3/0/5/130550805/9390198.pdf
    • http://minigypsyhorse.com/uploads/1/3/0/4/130476033/wupexofa.pdf
    • http://northwestuu.com/uploads/1/3/0/6/130604884/130604884.html#global+competitiveness+report+2011

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001156.bin
SHA-256: e081488d14aa5389befe635895254ec3aa17a72fed4f962c7ef3ae9d1becaf97
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x1156
Size: 8492 bytes