Malicious PDF — malware analysis report

Static analysis result for SHA-256 2dbe729aec6fbcd9…

MALICIOUS

PDF

52.6 KB Created: 2020-12-07 09:00:03 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 75991373417808ad9faa6030cede0420 SHA-1: 5cdb70a0a8c98d7305753019ace117ce34783a0f SHA-256: 2dbe729aec6fbcd972222623c2eb7e329ae0e6249848c6b7c6624ff02f7d57bf
152 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a link to a known malicious redirector infrastructure, indicating a phishing or malware distribution attempt. The ML classifier and ClamAV detection strongly support its malicious nature. Although no scripts were extracted, the presence of a malicious URL is a high-priority indicator.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9612

Heuristics 3

  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://traffmen.ru/aws?utm_term=earthbound+official+guide+pdf
    • https://cdn-cms.f-static.net/uploads/4370057/normal_5fc160e4a8e70.pdf
    • https://cdn-cms.f-static.net/uploads/4447662/normal_5f9ef57d7be33.pdf
    • https://cdn-cms.f-static.net/uploads/4422136/normal_5f9cab4acdc0c.pdf
    • https://uploads.strikinglycdn.com/files/fff32f05-7307-4b85-bf43-eb9ef2c50b6a/youtube_download_link_generator.pdf
    • https://static1.squarespace.com/static/5fc537ce3398ff75154a1c50/t/5fc90f5c145f137e268f3362/1607012189300/ninigedadiwixazanisazujug.pdf
    • https://s3.amazonaws.com/zamuriza/waxejojisap.pdf
    • https://s3.amazonaws.com/xoxaneral/arc_length_sector_area_segment_area_worksheet.pdf
    • https://s3.amazonaws.com/xaliwalufoguni/29910606774.pdf
    • https://s3.amazonaws.com/xapidajovaji/2012_mustang_v6_oil_change.pdf
    • https://uploads.strikinglycdn.com/files/9e6463fb-8ebd-44be-bb8e-b1f4f93b7d27/minitab_17_free_download_product_key.pdf
    • https://s3.amazonaws.com/zerejibixupav/1923_silver_dollar_value_today_high.pdf
    • https://s3.amazonaws.com/gogoxowiniza/dilumexusarogepogefexukug.pdf
    • https://static1.squarespace.com/static/5fc57748a13a450bab133b8c/t/5fca9a28fb11e56e6436220a/1607113257710/top_songs_of_the_70s_billboard.pdf
    • https://s3.amazonaws.com/dedinavesute/57080775884.pdf
    • https://s3.amazonaws.com/wifukedot/cicerone_guide_books.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.