Malicious PDF — malware analysis report

Static analysis result for SHA-256 464d749842875502…

MALICIOUS

PDF

58.4 KB Created: 2020-12-06 09:29:28 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c5b335b062db7810b4cbf6a31b8116c3 SHA-1: b3c6e2198c07e70a15a40cb753f421f143b3cc68 SHA-256: 464d7498428755020a8b2a8630dc3eb84ef2a7a2ef1b4624450d4fe58dba06fa
152 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a heuristic firing for a malicious redirector link pointing to 'https://cctraff.ru/aws?utm_term=cambridge+6+listening+test+1+answers'. The document body, though heavily obfuscated, appears to reference 'Cambridge 6 listening test 1 answers', suggesting a lure. The ML classifier and ClamAV detection further support the malicious nature of this PDF.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8850

Heuristics 3

  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://cctraff.ru/aws?utm_term=cambridge+6+listening+test+1+answers
    • https://static.s123-cdn-static.com/uploads/4379217/normal_5fc46dbe1cf1d.pdf
    • https://static.s123-cdn-static.com/uploads/4490001/normal_5fcb675e2a241.pdf
    • https://cdn-cms.f-static.net/uploads/4366344/normal_5f8a070fefbd3.pdf
    • https://cdn-cms.f-static.net/uploads/4389353/normal_5f9da5eb12a6d.pdf
    • https://cdn-cms.f-static.net/uploads/4420743/normal_5f967322c48b2.pdf
    • https://static1.squarespace.com/static/5fc0e9036b97992eb55c1f46/t/5fc1e45a9d79364840d25ee4/1606542427156/olangal_malayalam_movies_site.pdf
    • https://uploads.strikinglycdn.com/files/44b63ace-2951-4998-b2dd-ffa6f8dc6957/2000_mb_ile_to_gb.pdf
    • https://uploads.strikinglycdn.com/files/97f7505b-a8b8-48e1-b9de-a3e79630d869/11205763391.pdf
    • https://static1.squarespace.com/static/5fc5045d2e537a05ef237332/t/5fc7e9eb1f487d446b17c0df/1606937068071/nail_salon_prices_2020.pdf
    • https://uploads.strikinglycdn.com/files/66dacfe4-1b1b-4e98-9590-a53838019ac8/kubef.pdf
    • https://static1.squarespace.com/static/5fc7aad65fa98a681f0fdb69/t/5fc9a5a2e4017829c165fbf7/1607050658483/nukeout_apk_download.pdf
    • https://static1.squarespace.com/static/5fc1480d27a199023ab7f389/t/5fc6d424a907d7439cc7f2bf/1606865957909/high_speed_chase_today_ohio.pdf
    • https://static1.squarespace.com/static/5fc06ecff7cf8c75402886b4/t/5fca8c4a8e83f251611564f6/1607109706411/race_3d_game_apk.pdf
    • https://static1.squarespace.com/static/5fc0d70dc14dfd36fef128e0/t/5fc1d8084e98326c0253ff32/1606539276094/94682567971.pdf
    • https://uploads.strikinglycdn.com/files/c3210ce5-75de-49b9-8d0e-87cd92067160/silver_leotard_near_me.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.