Malicious PDF — malware analysis report

Static analysis result for SHA-256 2a64c6d1928bff15…

MALICIOUS

PDF

Size: 24.6 KB
Created: 2020-10-24 05:11:39 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 182f31b54e74ae98b1fec31ec7eb4da8
SHA-1: 80fbcc723045c15357b91386841778bdb33334dc
SHA-256: 2a64c6d1928bff15dca5f48eaeb7bdad9efff3db15f27f1abeb49405702f7065
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous links, many of which point to external PDF files hosted on Weebly. The primary link redirects to malicious infrastructure, suggesting a phishing or malware distribution attempt. The document body itself is heavily obfuscated and appears to be a lure, referencing a Quran translation to entice clicks.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9988

Heuristics (3)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://ttraff.cc/aws?keyword=al+quran+with+bangla+pronunciation+and+translation+pdf
    • https://keniwuki.weebly.com/uploads/1/3/1/4/131483234/tebavu_mofevuz_punoxibera_gijipomole.pdf
    • https://dofazodasi.weebly.com/uploads/1/3/0/8/130873943/1bc4307cb5d.pdf
    • https://ranerenonosojib.weebly.com/uploads/1/3/1/4/131483420/pozakexobufiv.pdf
    • https://cdn-cms.f-static.net/uploads/4387810/normal_5f91efd38519d.pdf
    • https://getedizexagan.weebly.com/uploads/1/3/0/7/130740146/kuxubiwonofesad_rinakegifufezi_vogodiso.pdf
    • https://sukuvigu.weebly.com/uploads/1/3/4/2/134236057/kaxipol.pdf
    • https://jawasolasazilem.weebly.com/uploads/1/3/1/3/131379174/gevoderovepiru.pdf
    • https://zimiduninu.weebly.com/uploads/1/3/1/6/131637103/4378045.pdf
    • https://tubenuluni.weebly.com/uploads/1/3/1/4/131437864/supufem.pdf
    • https://kobizixudowizeb.weebly.com/uploads/1/3/4/4/134402546/sibaxatoga.pdf
    • https://fodezamu.weebly.com/uploads/1/3/1/4/131407453/5792387.pdf
    • https://jawowigo.weebly.com/uploads/1/3/0/7/130774982/4765241.pdf
    • https://tudupumodowi.weebly.com/uploads/1/3/1/4/131406798/nenanofot.pdf
    • https://fijojonibiw.weebly.com/uploads/1/3/2/6/132681787/jibigamefomoni.pdf
    • https://cdn-cms.f-static.net/uploads/4374521/normal_5f8acb27747a2.pdf
    • https://cdn-cms.f-static.net/uploads/4367279/normal_5f8c0ee968742.pdf
    • https://cdn-cms.f-static.net/uploads/4375908/normal_5f90493248b24.pdf
    • https://cdn-cms.f-static.net/uploads/4368225/normal_5f8a6f0194f4e.pdf
    • https://cdn.shopify.com/s/files/1/0268/7411/8325/files/synopsis_format_for_bca_project.pdf
    • https://cdn.shopify.com/s/files/1/0496/3926/0309/files/st_ignatius_high_school_tuition.pdf
    • https://cdn.shopify.com/s/files/1/0440/7597/4821/files/simac_il_gelataio_1600_manual.pdf