Malicious PDF — malware analysis report

Static analysis result for SHA-256 53d646126bb21ba1…

MALICIOUS

PDF

Size: 52.6 KB
Created: 2020-11-14 00:12:11 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: ecf75df81a5070d9fa2cffec9125dbd4
SHA-1: 74a8e61c7582e3b0559ed71e3b270997cde0d484
SHA-256: 53d646126bb21ba1c0ae4d4e86617a45b48cd8f7b6a647ed51fa222653411628
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document containing a link to a known malicious redirector. The document body text, though heavily obfuscated, appears to be a lure related to 'Ayurveda mcq books pdf'. The presence of a malicious redirector URL strongly suggests a phishing or credential harvesting attempt, likely delivered as a spearphishing attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7185

Heuristics (3)

  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://ggtraff.ru/aws?utm_term=ayurveda+mcq+books+pdf