PDF malware analysis — malicious · 8170caeda28d14f1

MALICIOUS

PDF

117.1 KB Created: 2020-08-02 17:17:26 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: 2d7785af03b5de0eb2a095a9b803d3de SHA-1: 72dee32bcedfde1fad4cc386d64dbe5fefb96d5f SHA-256: 8170caeda28d14f1e1ddd32a77bb7b5076f6cf5163ce2639f00d51696001aa43

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file contains an embedded URL that points to a known malicious redirector. This suggests the document is designed to lure users to a malicious website, likely for phishing or malware distribution. The document body itself is heavily obfuscated and contains what appears to be encoded data and the redirector URL.

Machine Learning

Nyx PDF Classifier clean score 0.0956

Heuristics 2

PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://ttraff.cc/pify?keyword=51.+389167%252C+30.+099444

Open this report in the interactive analyzer, or submit your own file for analysis.