Malicious PDF — malware analysis report

Static analysis result for SHA-256 5772bb68b9047a49…

Verdict: MALICIOUS
File type: PDF
Size: 41.1 KB
Created: 2020-10-28 22:32:47 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 3e884a8f1f51d05bb66a824fec1c5575
SHA-1: 1cc1a50802c95304399ccfae7b4d306d7e8c5119
SHA-256: 5772bb68b9047a4944e0729aa0a5cb12ff1b56618792587154db24133471f237
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

Two heuristics fired on this PDF: a link to a known malicious redirector and an SEO link farm, together indicating an attempt to direct users to malicious infrastructure. The embedded redirector URL likely serves as a lure or distributes further payloads. No scripts were extracted, but the PDF structure and the embedded links strongly suggest the document exists to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9984

Heuristics (3)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • https://gettraff.ru/strik?keyword=top+1v1s+tk
    • https://cdn-cms.f-static.net/uploads/4374359/normal_5f96fe24b0f38.pdf
    • https://cdn-cms.f-static.net/uploads/4374181/normal_5f891af629b94.pdf
    • https://cdn-cms.f-static.net/uploads/4378405/normal_5f8ce2b2b9007.pdf
    • https://cdn-cms.f-static.net/uploads/4384645/normal_5f956ba617f26.pdf
    • https://cdn-cms.f-static.net/uploads/4366321/normal_5f875188a2026.pdf
    • https://cdn-cms.f-static.net/uploads/4375356/normal_5f9240b344188.pdf
    • https://cdn-cms.f-static.net/uploads/4366969/normal_5f89fb52b41f7.pdf
    • https://cdn-cms.f-static.net/uploads/4365540/normal_5f8704be7b932.pdf
    • https://cdn-cms.f-static.net/uploads/4379959/normal_5f8decc742b87.pdf
    • https://s3.amazonaws.com/zarelusipofox/vodupomesuwu.pdf
    • https://s3.amazonaws.com/vibuvomomuv/37243063569.pdf
    • https://uploads.strikinglycdn.com/files/51389407-ebe6-4124-9235-5ef6de8e368b/zakubepaz.pdf
    • https://uploads.strikinglycdn.com/files/2aeb52ba-858f-45d5-bdcb-35708437e701/pukexemuvemes.pdf
    • https://cdn.shopify.com/s/files/1/0483/8296/7957/files/15456271863.pdf
    • https://cdn.shopify.com/s/files/1/0500/0524/6112/files/medical_fitness_certificate_sample_format.pdf
    • https://s3.amazonaws.com/wutezigojuxi/download_surat_al_waqiah_latin_dan_terjemahannya.pdf
    • https://cdn.shopify.com/s/files/1/0430/7877/9047/files/ruvalamilemepuvu.pdf
    • https://s3.amazonaws.com/megelugik/basic_algebra_questions.pdf
    • https://uploads.strikinglycdn.com/files/db9d226b-6b7c-4fbc-8b8d-bc6883453b5d/centech_2000_watt_power_inverter_manual.pdf
    • https://cdn.shopify.com/s/files/1/0500/6580/1374/files/motorcycle_mechanic_manual.pdf
    • https://s3.amazonaws.com/robumuduluwise/5th_grade_math_review_worksheets.pdf
    • https://cdn.shopify.com/s/files/1/0484/3510/1850/files/lelewawibi.pdf