Malicious PDF — malware analysis report

Static analysis result for SHA-256 11d7833e768d3b10…

Verdict: MALICIOUS
File type: PDF
Size: 51.8 KB
Created: 2020-12-28 01:40:16 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-07
MD5: 6c21e0b4674215c52dc8ec4394e702c0
SHA-1: 15dead8143017d48b16370f40c0a461b6188dd7d
SHA-256: 11d7833e768d3b1045193e174d6090b014d2c0f5edbdcc4fc0bb052a4deaaefe
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

ClamAV and the ML classifier both flag the file as malicious. The single link annotation carries a /URI action to traffine.ru with a search-term style query string (utm_term=shelter+island+san+diego+directions), and the document text lists further PDF URLs on public CDN and object-storage hosts (cdn.sqhk.co, cdn-cms.f-static.net, s3.amazonaws.com, uploads.strikinglycdn.com). The document body is heavily obfuscated, but the URI action alone is enough to send a reader who clicks the link to a phishing or malware-distribution site. No JavaScript or other scripts were extracted, so no execution behaviour could be characterised statically; the link is the only delivery mechanism this analysis supports.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.6878

Heuristics (3)

  • ClamAV detection (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware under the signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
  • External URI (info, PDF_URI)
    The PDF contains an external URL action: a /URI action attached to a link annotation. Such an action opens the target in the reader's browser only when the user clicks the link; it does not run on document open (that would require an /OpenAction).
  • Embedded URLs (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://traffine.ru/strik?utm_term=shelter+island+san+diego+directions (PDF link annotation)
    • https://cdn.sqhk.co/futidiwe/TdKGFUK/95757193220.pdf (in PDF document text)
    • https://cdn.sqhk.co/sanozusu/dKhe6b4/jomaxotopemusozaroju.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4421934/normal_5fa4272599d58.pdf (in PDF document text)
    • https://cdn.sqhk.co/sawapevodef/9jjggc8/solozifim.pdf (in PDF document text)
    • https://cdn.sqhk.co/ranotigu/hgykLgf/54573408078.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4452594/normal_5fa1a428befcc.pdf (in PDF document text)
    • https://cdn.sqhk.co/pevukoza/bhdjeWK/commander_s_palace_new_orleans_25_cent_martinis.pdf (in PDF document text)
    • https://s3.amazonaws.com/kelageketisefuv/half_moon_betta_care_sheet.pdf (in PDF document text)
    • https://s3.amazonaws.com/donukadizolin/autocad_2008_free_filehippo.pdf (in PDF document text)
    • https://s3.amazonaws.com/titugome/sfera_armilarna.pdf (in PDF document text)
    • https://s3.amazonaws.com/dudujopixejikug/cdc_influenza_vaccine_information_statement_spanish.pdf (in PDF document text)
    • https://s3.amazonaws.com/fedufiporara/chemistry_chapter_10_test_review_answers.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/7f90b213-1078-41cc-abaf-4a27a345d425/conversion_of_to_ppt_free.pdf (in PDF document text)
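The channel labels above come from the analysis platform. As an added example (not the platform's code and not part of this report), the following stdlib-only Python script reproduces the idea on a constructed PDF: URLs found inside /URI action dictionaries (the channel a link annotation or /OpenAction uses) are reported separately from URLs that merely appear as page text in content streams, with FlateDecode streams inflated before scanning. The sample PDF, its example.test URLs and the channel names "URI action" and "document text" are assumptions for the demonstration. The scanner is regex-based: it does not resolve octal string escapes, nested parentheses, /Length-delimited binary streams or encrypted documents, which a production triage tool would need to handle.

```python
"""Channel-labelled URL extraction from a PDF (added example, stdlib only)."""
from __future__ import annotations

import re
import zlib

# Constructed sample, NOT the analysed file: one page, two content streams
# (one plain, one FlateDecode) and one /Link annotation carrying a /URI action.
_PLAIN = b"BT /F1 12 Tf 72 720 Td (Download: https://cdn.example.test/a/b.pdf) Tj ET"
_DEFLATED = zlib.compress(
    b"BT /F1 12 Tf 72 700 Td [(Mirror: ) -20 (https://s3.example.test/x/y.pdf)] TJ ET"
)
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
    b"/Contents [4 0 R 6 0 R] /Annots [5 0 R] >> endobj\n",
    b"4 0 obj << /Length %d >>\nstream\n" % len(_PLAIN), _PLAIN, b"\nendstream\nendobj\n",
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720] "
    b"/A << /S /URI /URI (https://lure.example.test/strik?utm_term=x) >> >> endobj\n",
    b"6 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(_DEFLATED),
    _DEFLATED, b"\nendstream\nendobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
])

URL_RE = re.compile(rb"https?://[^\s()<>\[\]]+")
# PDF literal string: everything up to the first unescaped ')'. Nested unescaped
# parentheses and octal escapes are not handled; adequate for URL strings.
_LITERAL = rb"\((.*?)(?<!\\)\)"


def _unescape(s: bytes) -> bytes:
    """Resolve backslash escapes in a PDF literal string (\\( \\) \\\\ \\n \\r \\t)."""
    out, i = bytearray(), 0
    while i < len(s):
        if s[i:i + 1] == b"\\" and i + 1 < len(s):
            i += 1
            out += {b"n": b"\n", b"r": b"\r", b"t": b"\t"}.get(s[i:i + 1], s[i:i + 1])
        else:
            out += s[i:i + 1]
        i += 1
    return bytes(out)


def _decoded_streams(pdf: bytes):
    """Yield every stream body, inflating FlateDecode streams and passing others raw."""
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)\nendstream", pdf, re.S):
        body = m.group(1)
        try:
            yield zlib.decompress(body)
        except zlib.error:          # not Flate-compressed (or damaged): scan as-is
            yield body


def uri_actions(pdf: bytes) -> list[bytes]:
    """URLs reached through /URI action dictionaries (link annotations, OpenAction,
    outlines). Scans the raw file and inflated streams, so /ObjStm-packed dicts count."""
    pat = re.compile(rb"/URI\s*(?:" + _LITERAL + rb"|<([0-9A-Fa-f\s]*)>)", re.S)
    found = []
    for blob in (pdf, *_decoded_streams(pdf)):
        for m in pat.finditer(blob):
            if m.group(1) is not None:
                found.append(_unescape(m.group(1)))
            else:                   # hex-string form <68747470...>
                found.append(bytes.fromhex(m.group(2).decode()))
    return found


def text_urls(pdf: bytes) -> list[bytes]:
    """URLs that only occur as visible page text: string operands of Tj and TJ."""
    found = []
    for body in _decoded_streams(pdf):
        for m in re.finditer(_LITERAL + rb"\s*Tj", body, re.S):
            found += URL_RE.findall(_unescape(m.group(1)))
        for m in re.finditer(rb"\[(.*?)\]\s*TJ", body, re.S):
            # TJ arrays interleave strings with kerning numbers; join the strings.
            joined = b"".join(_unescape(s) for s in re.findall(_LITERAL, m.group(1), re.S))
            found += URL_RE.findall(joined)
    return found


def label_urls(pdf: bytes) -> dict[str, set[str]]:
    """Map each URL to the channel(s) it was reached through (channel names assumed)."""
    labels: dict[str, set[str]] = {}
    for u in uri_actions(pdf):
        labels.setdefault(u.decode("latin-1"), set()).add("URI action")
    for u in text_urls(pdf):
        labels.setdefault(u.decode("latin-1"), set()).add("document text")
    return labels


if __name__ == "__main__":
    for url, channels in sorted(label_urls(SAMPLE_PDF).items()):
        print(f"{url}\t{', '.join(sorted(channels))}")
```

Run against the real sample, the same split would put the traffine.ru URL under the action channel and the thirteen CDN and S3 URLs under document text, which is the distinction that matters for triage: a URL in an action dictionary is something the reader can be taken to, while a URL that only exists as rendered text has to be copied out by hand. A /URI action on a /OpenAction (rather than a link annotation) fires on open, so a triage script should treat both as the same channel and separately check where the action is attached.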