Malicious PDF — malware analysis report

Static analysis result for SHA-256 241a9978624e3f77…

Verdict: MALICIOUS
File type: PDF
Size: 34.0 KB
Created: 2020-10-18 06:04:00 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-18
MD5: 681d86daba6b6bebdf279bc8d04e4803
SHA-1: 3ed4818ec1186b99b4a54f0e81ab3fd5aee45d1f
SHA-256: 241a9978624e3f7792cb5a9ae4fe0c420468f9aca57ea8c9adc9bd32c6052ba9
Risk score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a link to known malicious redirector infrastructure, indicating an attempt to lure the user to a harmful website. The ML classifier also flagged this PDF with high confidence (score 0.9947). No scripts were extracted, so the embedded redirector URL is the primary indicator of malicious intent; the remaining URLs point to other PDFs hosted on public CDNs, which is consistent with the PDF SEO/adware campaign the redirector heuristic describes.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9947

Heuristics (2)

  • PDF links to known malicious redirector infrastructure (critical) PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs (each found in PDF document text):
    • https://cctraff.ru/wb?keyword=factores%20que%20intervienen%20en%20el%20aprendizaje
    • https://cdn-cms.f-static.net/uploads/4366381/normal_5f879e31dfc76.pdf
    • https://cdn.shopify.com/s/files/1/0268/8126/1750/files/dexter_blood_splatter_art.pdf
    • https://cdn.shopify.com/s/files/1/0435/4641/1162/files/pep_mp3_downloader_apk.pdf
    • https://cdn.shopify.com/s/files/1/0491/7306/9990/files/walemajax.pdf
    • https://cdn.shopify.com/s/files/1/0499/8837/0582/files/scratch_photo_app_android.pdf
    • https://cdn.shopify.com/s/files/1/0502/9661/9193/files/nitro_7_kuyhaa.pdf
    • https://cdn.shopify.com/s/files/1/0433/7863/8999/files/lg_g3_battery.pdf
    • https://cdn.shopify.com/s/files/1/0500/6976/6302/files/pozigenidalomeloxazones.pdf
    • https://uploads.strikinglycdn.com/files/e99efdaf-716f-4293-8a09-ba4f6fb04a75/17337830469.pdf
    • https://uploads.strikinglycdn.com/files/0a297c88-bc9e-472c-9681-1560faee965b/59345508740.pdf
    • https://uploads.strikinglycdn.com/files/a9cb42ef-20fe-4b78-8fc1-580b8f973a4f/55201717513.pdf
    • https://uploads.strikinglycdn.com/files/e7c3506e-4875-4194-9495-a4d036d0445d/sumowogesopumesipositumoj.pdf
    • https://uploads.strikinglycdn.com/files/47495fd6-6375-4dca-9b1f-6fbb84f2662a/nisute.pdf
    • https://uploads.strikinglycdn.com/files/43c86d9f-c0af-4bb6-af94-acfd16bc7d51/buxavuwidutonupare.pdf
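The per-channel URL extraction described under EMBEDDED_URL, as an added example (this is not the analysis platform's own code): a minimal regex-based pass over raw PDF bytes that distinguishes a clickable /URI link-annotation action from a URL that merely appears in shown page text, then applies a redirector-host check in the style of PDF_MALICIOUS_REDIRECTOR_LINK. The sample PDF is constructed inline (uncompressed streams, no xref table, so it is not a well-formed file for a viewer but is enough for the extractor), the redirector list containing only cctraff.ru is an assumption drawn from the URL this report flags, and the function names are hypothetical.

```python
"""Extract URLs from a PDF by channel and flag known redirector hosts.

Added example, not the analysis platform's own code. Pure regex over raw PDF
bytes; it only understands uncompressed content streams and literal-string
/URI values, which is enough to show how a per-URL channel label is derived.
"""
import re
from urllib.parse import urlparse

# Assumption: the host this report flags is the redirector infrastructure.
REDIRECTOR_HOSTS = {"cctraff.ru"}

URL_RE = re.compile(r"https?://[^\s()<>\"']+")
# /A << /S /URI /URI (literal string) >> : capture the string after the /URI key.
# Hex strings and indirect references for the URI value are not handled here.
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
LITERAL_STRING_RE = re.compile(rb"\(((?:\\.|[^\\)])*)\)", re.S)


def _unescape(raw: bytes) -> str:
    # Minimal PDF literal-string unescape: backslash before ( ) or \ only.
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")


def extract_urls(pdf: bytes) -> dict:
    """Map each URL found to the set of channels that carried it."""
    found = {}
    # Channel 1: /URI actions, i.e. clickable link annotations.
    for m in URI_ACTION_RE.finditer(pdf):
        found.setdefault(_unescape(m.group(1)), set()).add("link annotation")
    # Channel 2: literal strings shown as page text (visible, not clickable).
    for s in STREAM_RE.finditer(pdf):
        body = s.group(1)
        if b"Tj" not in body and b"TJ" not in body:
            continue  # not a text-showing content stream (image, font, ...)
        for t in LITERAL_STRING_RE.finditer(body):
            for url in URL_RE.findall(_unescape(t.group(1))):
                found.setdefault(url, set()).add("document text")
    return found


def classify(urls: dict) -> tuple:
    """Label each URL in the report's style; only a redirector hit is a detection."""
    verdict, labels = "clean", {}
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host in REDIRECTOR_HOSTS:
            labels[url] = "PDF_MALICIOUS_REDIRECTOR_LINK"  # critical
            verdict = "malicious"
        else:
            labels[url] = "EMBEDDED_URL"  # info only, never a detection by itself
    return verdict, labels


# Constructed sample: one page whose text shows a CDN-hosted PDF URL taken from
# the report, plus a link annotation whose /URI action is the flagged redirector.
_CONTENT = (b"BT /F1 12 Tf 72 720 Td "
            b"(See https://cdn.shopify.com/s/files/1/0268/8126/1750/files/"
            b"dexter_blood_splatter_art.pdf) Tj ET")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
    b"/Contents 4 0 R /Annots [5 0 R] >> endobj\n"
    b"4 0 obj << /Length " + str(len(_CONTENT)).encode() + b" >>\nstream\n"
    + _CONTENT + b"\nendstream\nendobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 730] "
    b"/A << /S /URI /URI (https://cctraff.ru/wb?keyword=factores%20que"
    b"%20intervienen%20en%20el%20aprendizaje) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    urls = extract_urls(SAMPLE_PDF)
    verdict, labels = classify(urls)
    for url, channels in urls.items():
        print(f"{labels[url]:30} {', '.join(sorted(channels)):16} {url}")
    print("verdict:", verdict)
```

Real tooling has to inflate FlateDecode streams, walk object streams and handle hex-string and indirect /URI values before this kind of matching is meaningful; the point of the split is that a URL reachable through a clickable action deserves a different weight from one that is only printed on the page, which is why the report labels each URL by channel rather than treating extraction itself as a detection.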