Malicious PDF — malware analysis report

Static analysis result for SHA-256 02ca6ef37275874a…

MALICIOUS

PDF

Size: 34.7 KB
Created: 2020-10-28 18:44:49 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: cac4b0c0f01afa73b125f6f6a0106686
SHA-1: 172bb0c6a38f334b66f6c15229bbe29a3c1e05c2
SHA-256: 02ca6ef37275874ad1a365e8446444958d3fa8eb16e6d4f2e74d3a9912fa9820
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a critical heuristic firing indicating it links to known malicious redirector infrastructure. The embedded document body text, though heavily obfuscated, contains a URL that matches the one flagged by the heuristic. This suggests the document is designed to lure users to a malicious site, likely for phishing or malware delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (2)

  • PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Flagged URL: https://ggtraff.ru/aws?keyword=djpunjab+new+song+2015+download+mp3

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00006c91.bin
    SHA-256: 0819dddfdd2566db8a077dc243cdd1e24ca6693d2fa19e09ba30328704450225
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x6C91
    Size: 6104 bytes