Malicious PDF — malware analysis report

Static analysis result for SHA-256 23d744c1149b4495…

Verdict: MALICIOUS
File type: PDF
Size: 32.6 KB
Created: 2020-10-26 10:13:29 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0d93953c7e590b9cb7415bc4673f938c
SHA-1: 557808c9eb033eeff67a50d5834409b289eb7cb0
SHA-256: 23d744c1149b4495d3a4bab425ca81703b6d68f93097cedd0dc032de195a1990
Risk score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

A critical heuristic fired on this PDF, indicating that it links to known malicious redirector infrastructure. The embedded URL, https://gettraff.ru/aws?keyword=pm+awas+yojana+form+in+hindi+pdf, is the primary indicator of malicious intent. Although no scripts were extracted, the PDF structure together with the malicious URL strongly suggests a phishing or malware delivery attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9990

Heuristics (2)

  • PDF links to known malicious redirector infrastructure (severity: critical; rule: PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://gettraff.ru/aws?keyword=pm+awas+yojana+form+in+hindi+pdf

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00005e65.bin
SHA-256: 0ebd61dabd7ad8ed9856fda35f677a806f1f879feec42cae0ff933076a04ea95
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x5E65
Size: 5520 bytes