Malicious PDF — malware analysis report

Static analysis result for SHA-256 679d359e8e072466…

Verdict: MALICIOUS

File type: PDF

Size: 50.6 KB
Created: 2020-12-18 04:10:49 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: cd06ee166695848c32dbfa329d554723
SHA-1: f49491d2845e545e64ba4e45e1fa96f9dc66ead9
SHA-256: 679d359e8e0724664b456476aeec55eb1b6433126b593fbb22f6e9290190f8ac
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A critical-severity heuristic fired on this PDF for a link to known malicious redirector infrastructure, 'https://gettraff.ru/aws?utm_term=nccn+guidelines+locally+advanced+pancreatic+cancer'. This indicates the document is designed to lure users into clicking through to a potentially harmful website rather than to exploit a flaw in the PDF reader. The ML classifier and ClamAV also flagged the file as malicious, supporting the phishing or malware-distribution intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6925

Heuristics (3)

  • [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF links to known malicious redirector infrastructure
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • [critical] CLAMAV_DETECTION: ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • https://gettraff.ru/aws?utm_term=nccn+guidelines+locally+advanced+pancreatic+cancer
    • https://sakeneri.weebly.com/uploads/1/3/4/3/134339958/jirunajolerome.pdf
    • https://fepirajoruvizu.weebly.com/uploads/1/3/4/3/134311883/nowaja_fuduxesamixeri_donajadoxo.pdf
    • https://fukobararusi.weebly.com/uploads/1/3/4/4/134404541/b27f9d99abae0.pdf
    • https://sabidodavo.weebly.com/uploads/1/3/1/4/131408103/bikefijitudob-dafoba-getave.pdf
    • https://static.s123-cdn-static.com/uploads/4483870/normal_5fcac8b86fe9c.pdf
    • https://static1.squarespace.com/static/5fc0baae3dfdd95b60d439b1/t/5fc3e11c4e98326c0288784c/1606672670098/relativity_searching_guide.pdf
    • https://uploads.strikinglycdn.com/files/c5daa8a9-6f85-43a4-a29e-a7416706717b/reinforced_concrete_design_examples.pdf
    • https://uploads.strikinglycdn.com/files/882a6e9b-e84e-47b7-bbc3-54af2eb1e06b/dr._friedenstab_vero_beach_fl.pdf
    • https://uploads.strikinglycdn.com/files/18d1ed52-58ea-4125-bcbf-fd85dde4310f/north_fork_campground_colorado.pdf
    • https://uploads.strikinglycdn.com/files/cfa31459-7fdf-4990-a6a1-15820539ff32/how_to_make_a_slave_book.pdf
    • https://static1.squarespace.com/static/5fc0fe2417e7202640eab110/t/5fc30f459b1ed0353841a00e/1606618950606/rokazosu.pdf
    • https://static1.squarespace.com/static/5fc37c6992c50b1a1e87d9cd/t/5fce73000b197a18ad134383/1607365381799/82315666067.pdf
    • https://uploads.strikinglycdn.com/files/41901283-f9c8-4d5b-9428-91b3ebe65278/lewalogopadulisiwaxiw.pdf
    • https://uploads.strikinglycdn.com/files/df3570c5-7124-4b3b-8dcf-a9dd01058568/kefejukurafeg.pdf
    • https://uploads.strikinglycdn.com/files/7e270117-eb61-4a7b-930e-e3fa08966849/66236182825.pdf