Malicious PDF — malware analysis report

Static analysis result for SHA-256 5aac80cf141776a8…

Verdict: MALICIOUS
File type: PDF
Size: 32.0 KB
Created: 2020-10-15 11:50:49 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 501444c8112cb8dc0a84cfe0abd92849
SHA-1: 7e99337c4ac321b562b40e9cf980b662c25d0242
SHA-256: 5aac80cf141776a8611a5ff370da23e64d6b9898060f009b2a76b0f63ed2c462
Risk score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The PDF contains clickable link annotations whose URI actions point at known malicious redirector infrastructure, specifically 'https://cctraff.ru/strik?keyword=occupational+outlook+handbook+veterinarian'. The search-keyword parameter in that URL is typical of the SEO-poisoning PDF campaigns that lure a user from a search result into a redirect chain ending in a payload download or phishing page. The ML classifier also flagged the PDF as malicious with high confidence (0.9995). No scripts were extracted from this sample, so the T1059.007 (JavaScript) mapping is not corroborated by any script content; the delivery observed here depends on the user clicking a link, not on code executing when the document is opened. The ascendercorp.com and scripts.sil.org/OFL URLs are font-vendor and SIL Open Font License references consistent with the embedded font's metadata rather than with the lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics (2)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • https://cctraff.ru/strik?keyword=occupational+outlook+handbook+veterinarian
    • https://site-1038920.mozfiles.com/files/1038920/73352573831.pdf
    • https://site-1048288.mozfiles.com/files/1048288/52200531924.pdf
    • https://site-1041946.mozfiles.com/files/1041946/telowapivabawis.pdf
    • https://site-1037037.mozfiles.com/files/1037037/duwiro.pdf
    • https://site-1038898.mozfiles.com/files/1038898/gigawafojotususuxokuviru.pdf
    • https://site-1039283.mozfiles.com/files/1039283/rugakomesukawuvodazowa.pdf
    • https://site-1041281.mozfiles.com/files/1041281/31287026688.pdf
    • https://site-1038304.mozfiles.com/files/1038304/73342496776.pdf
    • https://site-1044015.mozfiles.com/files/1044015/zebarolasatiganuxekegib.pdf
    • https://site-1043933.mozfiles.com/files/1043933/2667438598.pdf
    • https://site-1036671.mozfiles.com/files/1036671/kuzire.pdf
    • https://site-1037850.mozfiles.com/files/1037850/37230864641.pdf
    • https://site-1039217.mozfiles.com/files/1039217/gunakasowurexalax.pdf
    • https://mojivimimujovo.weebly.com/uploads/1/3/0/8/130874437/85f5a0.pdf
    • https://vozutadisifik.weebly.com/uploads/1/3/1/4/131483249/6ea6ef826f56.pdf
    • https://bedizegoresupa.weebly.com/uploads/1/3/1/3/131379398/dekegu.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/4995753a-c304-443c-8625-1810b850a344/wajesa.pdf
    • https://uploads.strikinglycdn.com/files/ec1d4f9f-b7af-4035-973e-aac35a1ed9b3/norutawep.pdf
    • https://uploads.strikinglycdn.com/files/4f48e789-8931-40cd-b76c-90b69819bc2f/zedadujokoma.pdf
    • https://uploads.strikinglycdn.com/files/72f377c8-8aea-48af-80d5-ec60ec8b9836/fatanosadipitimo.pdf
    • https://cdn.shopify.com/s/files/1/0434/3362/3708/files/arrowhead_park_early_college_las_cruces.pdf
    • https://cdn.shopify.com/s/files/1/0432/2630/0575/files/zozizudesojuwofizusofofux.pdf
    • https://cdn.shopify.com/s/files/1/0499/3862/8762/files/bsc_botany_honours_syllabus.pdf
    • https://cdn.shopify.com/s/files/1/0431/5060/6496/files/64772210005.pdf
    • https://cdn.shopify.com/s/files/1/0485/9566/5056/files/core_connections_geometry_chapter_5_answers.pdf
    • http://scripts.sil.org/OFL

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00006e1c.bin
SHA-256: a78790f76f579512ae33c5f026a784be5f48dc7a6b45ab699870421351edd855
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x6E1C
Size: 5156 bytes
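The redirector-link heuristic, the absence of script triggers, and the carved sfnt font stream are all checks a triage script can reproduce from the raw bytes. The script below is an added example written for this page, not tooling from the report's vendor. It assumes the PDF's objects are stored uncompressed (normalise with qpdf first if they are not), treats cctraff.ru as the only known redirector domain because that is the one the report names, and runs against a constructed sample PDF that mirrors the report's findings: two link annotations with /URI actions, no JavaScript, one embedded TrueType font stream.

```python
"""Added example, not the report's own tooling: triage a PDF's raw bytes for
clickable /URI actions (and whether any hit known redirector domains), script
or auto-action triggers, and embedded sfnt font streams like the one carved
at offset 0x6E1C.  Assumption: objects are uncompressed.  Real samples often
keep annotations in Flate-compressed object streams; run
`qpdf --qdf --object-streams=disable in.pdf out.pdf` first, then this."""
import re
import struct
from urllib.parse import urlsplit

# The only domain the report labels as redirector infrastructure.
KNOWN_REDIRECTOR_DOMAINS = {"cctraff.ru"}
# Names that let a PDF run code or act without a click (/AA = additional actions).
SCRIPT_TRIGGER_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")
# sfnt offset-table signatures: TrueType 1.0, CFF-based OpenType, Apple 'true'.
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true")

# Constructed sfnt header: version 1.0, numTables=4, searchRange=64,
# entrySelector=2, rangeShift=0, then zeroed table records.
SFNT_BLOB = b"\x00\x01\x00\x00" + struct.pack(">HHHH", 4, 64, 2, 0) + b"\x00" * 64

# Constructed sample mirroring the report: two link annotations carrying /URI
# actions, no JavaScript, one embedded font stream.  No xref: nothing needs it.
PDF_SAMPLE = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R] >> endobj\n",
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI\n",
    b"   /URI (https://cctraff.ru/strik?keyword=occupational+outlook+handbook+veterinarian) >> >> endobj\n",
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 30 100 50] /A << /S /URI\n",
    b"   /URI (http://scripts.sil.org/OFL) >> >> endobj\n",
    b"6 0 obj << /Length %d >>\nstream\n" % len(SFNT_BLOB),
    SFNT_BLOB, b"\nendstream\nendobj\n%%EOF\n",
])

URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")

def _unescape(raw: bytes) -> bytes:
    # Only the escapes that matter for URL recovery: \( \) and \\.
    return re.sub(rb"\\([()\\])", lambda m: m.group(1), raw)

def extract_uri_actions(pdf: bytes) -> list:
    """Every /URI action target in file order, from literal or hex strings."""
    hits = [(m.start(), _unescape(m.group(1))) for m in URI_LITERAL.finditer(pdf)]
    for m in URI_HEX.finditer(pdf):
        digits = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
        digits += "0" * (len(digits) % 2)  # PDF pads an odd final nibble with 0
        hits.append((m.start(), bytes.fromhex(digits)))
    return [raw.decode("latin-1") for _, raw in sorted(hits)]

def flag_redirector_links(urls, known=KNOWN_REDIRECTOR_DOMAINS) -> list:
    """URLs whose host is a known redirector domain or one of its subdomains."""
    out = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in known):
            out.append(url)
    return out

def script_triggers(pdf: bytes) -> list:
    """Trigger names present as whole name tokens (so /JS does not match /JSX)."""
    return [n.decode() for n in SCRIPT_TRIGGER_NAMES
            if re.search(re.escape(n) + rb"(?![A-Za-z0-9_])", pdf)]

def find_sfnt_streams(pdf: bytes) -> list:
    """Embedded sfnt fonts: magic opening a stream body, header numTables, direct /Length."""
    found = []
    for magic in SFNT_MAGICS:
        start = 0
        while (off := pdf.find(magic, start)) != -1:
            start = off + 1
            # 'true' is also a PDF boolean, so insist the magic follows 'stream'.
            head = pdf[max(0, off - 8):off].rstrip(b"\r\n")
            if len(pdf) < off + 12 or not head.endswith(b"stream"):
                continue
            num_tables, = struct.unpack(">H", pdf[off + 4:off + 6])
            lengths = re.findall(rb"/Length\s+(\d+)", pdf[max(0, off - 256):off])
            found.append({"offset": off, "num_tables": num_tables,
                          "length": int(lengths[-1]) if lengths else None})
    return sorted(found, key=lambda f: f["offset"])

def triage(pdf: bytes) -> dict:
    urls = extract_uri_actions(pdf)
    redirectors = flag_redirector_links(urls)
    return {"uri_actions": urls, "redirector_links": redirectors,
            "script_triggers": script_triggers(pdf),
            "sfnt_streams": find_sfnt_streams(pdf),
            # Same condition as the report's PDF_MALICIOUS_REDIRECTOR_LINK heuristic.
            "matches_redirector_heuristic": bool(redirectors)}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(PDF_SAMPLE), indent=2))
```

Run against the real sample, `find_sfnt_streams` should report the font at offset 0x6E1C with a 5156-byte /Length only if that stream is stored raw; a Flate-compressed font stream shows no sfnt magic in the file, which is why the report's carver decompresses before carving. The regex approach also misses /URI values held in indirect objects or compressed object streams, so for anything beyond quick triage feed the output of a real parser (pikepdf or pdfminer, both assumed available) rather than the raw bytes.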