PDF malware analysis — malicious · 14b73c2c96c7fcef

MALICIOUS

PDF

415.4 KB Created: 2021-02-08 06:19:37 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2026-06-05

MD5: da1e7b9b99709bef0c98a4b27c0a398c SHA-1: df0c0338f24821507b7c4cc85a3afe104205ed77 SHA-256: 14b73c2c96c7fcefa38d423468412f9d38e65c9212b45565e8dcba8f53b6f5d1

122 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file contains a critical heuristic firing indicating a link to known malicious redirector infrastructure. The embedded URL 'https://yafferge.ru/aws?utm_term=abstract+nouns+worksheet+for+grade+8' is the primary indicator of malicious intent. This suggests the document is designed to lure users to a compromised or malicious site, likely for phishing or to download further malicious content.

Machine Learning

Nyx PDF Classifier clean score 0.0092

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://yafferge.ru/aws?utm_term=abstract+nouns+worksheet+for+grade+8 In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.