Malicious PDF — malware analysis report

Static analysis result for SHA-256 7d4cad1c202ac38a…

MALICIOUS

PDF

Size: 75.4 KB
Created: 2020-11-07 00:46:24 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 1b87095bf1d0e4d6f0a86b3856a0e727
SHA-1: a6c0dd14699861c87fa62bba5625e507909507b5
SHA-256: 7d4cad1c202ac38a2eae7280b59752f4cfc4f20afb4e3bcc24ebee11c465b93c
Risk score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a critical heuristic firing for linking to known malicious redirector infrastructure, specifically pointing to 'ggtraff.ru'. The document body, though heavily obfuscated, contains a URL that matches the malicious redirector. This suggests the PDF is designed to redirect users to a malicious site, likely for phishing or to download further malware.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9852

Heuristics (3)

  • PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://ggtraff.ru/aws?keyword=dnd+5e+blood+hunter+2020+guide
    • https://uploads.strikinglycdn.com/files/e5672635-32f1-475b-afcf-0f3f40dfb165/haz_llover_letra_jesus_culture.pdf
    • https://uploads.strikinglycdn.com/files/f75b914f-8888-4e48-825c-28420109c8ba/estudios_biblicos_para_jovenes_bautistas.pdf
    • https://mekiperefef.files.wordpress.com/2020/11/lightroom_6.14_download_windows.pdf
    • https://uploads.strikinglycdn.com/files/356e8c2f-ffc5-4877-948a-dc04e38d6b7f/lixarisasofiwamesi.pdf
    • https://uploads.strikinglycdn.com/files/688b01ec-c1d9-4a28-86f6-493b83bec21e/60978054405.pdf
    • https://uploads.strikinglycdn.com/files/4a13d147-17a1-43a3-98bb-ebe142ee3106/sorusujipiluxobamotupa.pdf
    • https://uploads.strikinglycdn.com/files/227f37e6-8e50-45ae-a74d-84fb422e7a2f/vuveto.pdf
    • https://s3.amazonaws.com/lonozote/5e_elemental_spells.pdf
    • https://delutubaradu.files.wordpress.com/2020/11/wogagetesagesuvega.pdf
    • https://uploads.strikinglycdn.com/files/a74fdb61-833f-4abd-b556-0b573f1b1a92/wunotid.pdf
    • https://lusiwelop.files.wordpress.com/2020/11/wewujuvobamun.pdf
    • https://s3.amazonaws.com/zirojopemup/87709079591.pdf
    • https://uploads.strikinglycdn.com/files/c2aafa07-496e-4f53-8fb5-e3656e9b52d3/minecraft_2_apk.pdf
    • https://junevip.files.wordpress.com/2020/11/chapter_10_cell_growth_and_division_vocabulary_review_answer_key.pdf
    • https://uploads.strikinglycdn.com/files/bad03083-e8ca-40f9-a5d2-a04ce556eef9/61730393707.pdf