Malicious PDF — malware analysis report

Static analysis result for SHA-256 81bc4b110900e4fa…

MALICIOUS

PDF

Size: 372.6 KB
Created: 2020-10-31 21:44:15 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 02dcb6052146d7fdc23f2ea70a212091
SHA-1: d3729fc8ed1f06f52851e2b6d6ef6e05f679384b
SHA-256: 81bc4b110900e4fa21f802cc62dd9572c405714b6d59e0b43867b243c12ef92b
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on a malicious redirector link in the PDF file, pointing to 'https://ggtraff.ru/aws?keyword=expositor%2527s+bible+commentary+pdf'. The document body, though heavily obfuscated, appears to contain text related to 'Expositor's bible commentary pdf', which suggests a lure meant to trick users into clicking the malicious link. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier clean score 0.0197

Heuristics (2)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://ggtraff.ru/aws?keyword=expositor%2527s+bible+commentary+pdf