Malicious PDF — malware analysis report

Static analysis result for SHA-256 80f501f1164d67ee…

MALICIOUS

PDF

Size: 50.6 KB
Created: 2020-12-07 06:33:20 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-31
MD5: b08ce13c989ba6ecf3926e6b4c20fccd
SHA-1: cd991a074ae7a0563996d925e7feb8810165820f
SHA-256: 80f501f1164d67ee2d5f3bb87117d276a9327bcf11678d927814118c31e8583c
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a heuristic firing for a malicious redirector link, pointing to a URL that is likely part of a phishing campaign. The ML classifier also flagged the document as malicious. The document body, though heavily obfuscated, contains text related to 'Larson storm window installation guide', suggesting a lure to trick users into clicking the malicious link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7800

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://gettraff.ru/aws?utm_term=larson+storm+window+installation+guide In PDF document text