MALICIOUS
60
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file was flagged for containing a link to a known malicious redirector. This indicates a likely attempt to lure the user to a harmful website. The document body was unreadable, but the presence of the malicious URL is sufficient evidence for this assessment. No scripts were extracted from this sample.
Heuristics 2
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://botcraftman.ru/?lip&keyword=%D0%92%D0%B5%D0%B3%D0%B0+312+%D1%81%D1%82%D0%B5%D1%80%D0%B5%D0%BE+%D1%81%D1%85%D0%B5%D0%BC%D0%B0&charset=utf-8
- http://img1.liveinternet.ru/images/attach/c/7//4741/4741360_prilozheniya__dlya__nokia_.pdf
- http://img0.liveinternet.ru/images/attach/c/7//4740/4740558_rabochaya__programma__po_.pdf
- http://img1.liveinternet.ru/images/attach/c/7//4741/4741516_raxco__perfectdisk__10_.pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000555e1.bin9a03b1c46f486da391ca30ba9491f69f70c5e8b710532aa291e9d914bd2bdbc9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x555E1 | 8940 bytes |
font_01_sfnt_off00056ffd.bin26e39894dfef40161c749a24997183fa8ddec3926d762a95f17f171d542247d7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x56FFD | 16100 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.