Malicious PDF — malware analysis report

Static analysis result for SHA-256 150593df2457ab5f…

MALICIOUS

PDF

Size: 37.6 KB
Created: 2020-10-14 05:26:29 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 3e2343935fcb80f04fbecf49894dcbc3
SHA-1: 111b779cad7001be5ac795a875677acf5b9dc93f
SHA-256: 150593df2457ab5fec69dc180f56d205892ee4431fb875076fc34a033b0a1e35
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a link to a known malicious redirector infrastructure, which is designed to lead users to malicious content. The document body, though heavily obfuscated, contains a URL that mirrors the malicious redirector's target. This suggests the primary purpose is to trick users into visiting a harmful website.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics 2

  • PDF links to known malicious redirector infrastructure (severity: critical, rule PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00007d5d.bin
SHA-256: 7ed7a69a1c1db32787e6d2087a46bb0a8eb9d1f9d6a666f8f8b0261d4c9b70e4
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x7D5D
Size: 5452 bytes