PDF malware analysis — malicious · 57a702f357a1f1d6

MALICIOUS

PDF

66.6 KB Created: 2021-01-08 16:01:57 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2026-06-05

MD5: 08e7c5e93df83d58d5f3f25798d291af SHA-1: da305ac2fdbee6238984fc875f8030bbd8c39d35 SHA-256: 57a702f357a1f1d607011a0fab07aa439d96a5b13d4e8fd703bb7f959e684f9f

122 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file contains a critical heuristic firing indicating a malicious redirector link. The embedded URL, 'https://traffine.ru/aws?utm_term=companies+accounting+standards+rules+2006', is flagged as malicious. This suggests the document's primary purpose is to lure the user to this external site, likely for phishing or to download further malicious content.

Machine Learning

Nyx PDF Classifier clean score 0.1727

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://traffine.ru/aws?utm_term=companies+accounting+standards+rules+2006 In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.