Malicious PDF — malware analysis report

Static analysis result for SHA-256 7ed850c542b958f2…

Verdict: MALICIOUS
File type: PDF
Size: 67.6 KB
Created: 2020-12-22 22:04:06 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: fae0217bb45037618c852f6b42b4bc6a
SHA-1: 67492fde9c30b95a38ea856e06b45c1449b43f29
SHA-256: 7ed850c542b958f2a73de11d2daa2baba3c8cc34cc367fb80f5945635279d34c
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains an embedded URI pointing to 'traffset.ru', which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, suggests a lure related to a 'dedicated server guide'. No scripts were extracted, but the presence of an external URI together with the malicious verdict strongly indicates malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8846

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://traffset.ru/aws?utm_term=don%2527+t+starve+dedicated+server+guide
    • https://cdn-cms.f-static.net/uploads/4365601/normal_5fd9e42cef624.pdf
    • https://cdn-cms.f-static.net/uploads/4485162/normal_5fd75d1a28174.pdf
    • https://static.s123-cdn-static.com/uploads/4423195/normal_5fcf82cbab6df.pdf
    • https://cdn-cms.f-static.net/uploads/4369936/normal_5fa8d8c8dd88f.pdf
    • https://cdn-cms.f-static.net/uploads/4383302/normal_5fa06ff3e5758.pdf
    • https://cdn-cms.f-static.net/uploads/4366969/normal_5f87a1cd84c13.pdf
    • https://static.s123-cdn-static.com/uploads/4367289/normal_5fdef1be4bbfd.pdf
    • https://s3.amazonaws.com/bokelur/celf_5_formulated_sentences_scoring.pdf
    • https://static1.squarespace.com/static/5fc516d2c6229360ecc7e455/t/5fc773eb56cd4459b3b94a4a/1606906860116/82115008161.pdf
    • https://uploads.strikinglycdn.com/files/57fe4b8f-7f48-4e5f-9005-585ec3a71fcb/voxiwixizojo.pdf
    • https://uploads.strikinglycdn.com/files/14c19c32-1892-4d94-9c40-5ac8a721db63/gasuxafonifimer.pdf
    • https://static1.squarespace.com/static/5fc573b08787e879898a92f1/t/5fc6fd7d8f079636156eaed2/1606876542474/first_galactic_empire_flag.pdf