PDF malware analysis — malicious · 1bbb0a32e4782156

MALICIOUS

PDF

1.07 MB Created: 2021-04-07 04:30:47 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: 2c5d0d664cc9550243cbf434aa69ea82 SHA-1: c5c7695f38d75c6476645802ae5e1ea3a37eb007 SHA-256: 1bbb0a32e47821561372c61f849141020cda546cd48ee643d2cd3855b3f82080

122 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV and contains a critical heuristic firing for a PDF redirector link pointing to a suspicious URL. The embedded URL is likely part of a phishing or malware delivery scheme, aiming to lure the user to the external site. No scripts were extracted, but the PDF structure itself facilitates the malicious redirection.

Machine Learning

Nyx PDF Classifier clean score 0.0113

Heuristics 3

PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://yafferge.ru/award?keyword=administracion+financiera+pdf+van+horne

Open this report in the interactive analyzer, or submit your own file for analysis.