PDF malware analysis — malicious · 311c06298bcd39be

MALICIOUS

PDF

42.1 KB Created: 2020-10-29 13:10:22 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: e415f68a767bb8440e07852fdf5e13e5 SHA-1: bc2230c72f6f150dbba8989f5279a70526cf4df8 SHA-256: 311c06298bcd39be97b09a0fc028348cab3a38cfc76e469b0cc21b22a6e8dec5

92 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF was flagged by a critical heuristic for linking to known malicious redirector infrastructure. The embedded URL, https://ggtraff.ru/aws?keyword=tokyo+ghoul+kaneki, is likely part of a phishing or malware distribution chain. No scripts were extracted, but the presence of a malicious link strongly suggests a malicious intent, likely spearphishing.

Machine Learning

Nyx PDF Classifier malicious score 0.5259

Heuristics 2

PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://ggtraff.ru/aws?keyword=tokyo+ghoul+kaneki

Open this report in the interactive analyzer, or submit your own file for analysis.