Malicious PDF — malware analysis report

Static analysis result for SHA-256 124619bec514972f…

Verdict: MALICIOUS
File type: PDF
Size: 354.1 KB
Created: 2015-08-22 08:54:08 +03:00
Authoring application: wkhtmltopdf 0.12.2.4 (via Qt 4.8.6)
MD5: cc8996c122e98ef1970fe6f10f9ab6be
SHA-1: f93921d62a4f18bf65b7ee1c469f32e5a752f6c2
SHA-256: 124619bec514972f01499d354babd10b0520366ce649ec57b26a95eec2142228
Risk score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a clickable link whose target is flagged as a malicious redirector. The link's query string carries a percent-encoded Russian search phrase meaning "download patch for gta 4 eflc 1120 rus", and the same game-download keywords appear in the document body, which points to a search-engine lure: a victim searching for the game patch lands on this document and is sent on to the redirector. No JavaScript or other scripts were extracted, so the verdict rests on the link and the lure text rather than on any parser exploit; delivery depends on the user clicking through, and what the redirector serves at click time cannot be determined from static analysis alone.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics (2)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://botcraftman.ru/?lip&keyword=%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C+%D0%BF%D0%B0%D1%82%D1%87+%D0%B4%D0%BB%D1%8F+gta+4+eflc+1120+rus&charset=utf-8
    • http://img0.liveinternet.ru/images/attach/c/6//4674/4674492_egye_po_russkomu_yazuyku_2015_4_klass_s_otvetami.pdf
    • http://img0.liveinternet.ru/images/attach/c/6//4674/4674459_skachat_zumu_besplatno_na_kompyuter_bez_ogranicheniya_vremeni.pdf
    • http://img0.liveinternet.ru/images/attach/c/6//4674/4674514_shporuy_po_istorii_egye_2015.pdf
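The link-annotation channel named above is easy to reproduce offline. The following Python is an added example, not the analyser's code: it scans a PDF for /URI action targets, both in the clear and inside any stream that inflates as FlateDecode (where PDF 1.5 object streams would hide an annotation dictionary), and percent-decodes the redirector's keyword parameter to recover the lure phrase. The two URLs are taken from this report; the minimal PDF they are wrapped in is constructed here, and the "keyword" parameter name is simply what this redirector's URL uses.

```python
"""Pull clickable link targets (/URI actions) out of a PDF and decode the lure.

Added example for this report, not the analyser's own code. Scans the raw
file and every stream that inflates as Flate, so annotations hidden in
compressed object streams are seen too. The sample PDF is constructed here;
only the two URLs come from the report.
"""
import re
import zlib
from typing import Iterator, List, Optional
from urllib.parse import parse_qs, urlsplit

# /URI followed by a literal string "( ... )" or a hex string "< ... >"
URI_RE = re.compile(
    rb"/URI\s*(?:\((?P<lit>(?:\\.|[^\\)])*)\)|<(?P<hex>[0-9A-Fa-f\s]*)>)"
)
# Raw stream bodies; the capture may carry trailing EOL bytes, which the
# decompressor tolerates as unused trailing data.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

# URLs from the report: the redirector and one of the liveinternet.ru PDFs.
REDIRECTOR = (
    b"http://botcraftman.ru/?lip&keyword=%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C"
    b"+%D0%BF%D0%B0%D1%82%D1%87+%D0%B4%D0%BB%D1%8F+gta+4+eflc+1120+rus&charset=utf-8"
)
SIBLING = (
    b"http://img0.liveinternet.ru/images/attach/c/6//4674/"
    b"4674492_egye_po_russkomu_yazuyku_2015_4_klass_s_otvetami.pdf"
)


def _uri_from_match(m: "re.Match") -> str:
    if m.group("lit") is not None:
        # Undo the escapes that can occur inside a URL literal: \( \) \\
        raw = re.sub(rb"\\([()\\])", rb"\1", m.group("lit"))
        return raw.decode("latin-1")
    digits = re.sub(rb"\s", b"", m.group("hex")).decode("ascii")
    if len(digits) % 2:          # PDF pads an odd final hex digit with 0
        digits += "0"
    return bytes.fromhex(digits).decode("latin-1")


def _buffers(pdf: bytes) -> Iterator[bytes]:
    """The file itself, then each stream body that inflates as zlib/Flate."""
    yield pdf
    for m in STREAM_RE.finditer(pdf):
        try:
            data = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue            # not Flate (fonts, images) or damaged
        yield data


def extract_uris(pdf: bytes) -> List[str]:
    """Distinct /URI targets in first-seen order."""
    seen: List[str] = []
    for buf in _buffers(pdf):
        for m in URI_RE.finditer(buf):
            uri = _uri_from_match(m)
            if uri not in seen:
                seen.append(uri)
    return seen


def lure_keyword(uri: str) -> Optional[str]:
    """Percent-decode the 'keyword' query parameter (name taken from the
    report's redirector URL; other campaigns use other names)."""
    values = parse_qs(urlsplit(uri).query, keep_blank_values=True).get("keyword")
    return values[0] if values else None


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF: one /Link annotation in the clear and one inside
    a FlateDecode stream standing in for a PDF 1.5 object stream."""
    hidden = zlib.compress(
        b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (" + SIBLING + b") >> >>"
    )
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >>",
        b"<< /Type /Annot /Subtype /Link /Rect [72 700 540 720] "
        b"/A << /S /URI /URI (" + REDIRECTOR + b") >> >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(hidden)
        + hidden + b"\nendstream",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objects) + 1, xref)
    return bytes(out)


if __name__ == "__main__":
    for uri in extract_uris(build_sample_pdf()):
        print(uri)
        kw = lure_keyword(uri)
        if kw:
            print("  lure:", kw)
```

Running it lists both URLs and prints the decoded lure for the redirector. The scan only covers /URI actions; a document can also reach a URL through /Launch or /GoToR actions, an /OpenAction, or JavaScript, and none of those are in scope here. What the redirector returns at click time has to be observed dynamically or from infrastructure intelligence, not from the file.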

Extracted artifacts (2)

Files carved from inside the sample during analysis.

font_00_sfnt_off00053dbd.bin
  SHA-256: 3be18609f3222abff0ffb72c0ef5f8ef6113b74305602b01fabcebfd7c5185ba
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x53DBD
  Size:    10576 bytes

font_01_sfnt_off00055b71.bin
  SHA-256: b136674590ae21e778956f61c6ab2f3f69043e4373537d7cac7f9fa4c07ca658
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x55B71
  Size:    14296 bytes