Malicious PDF — malware analysis report

Static analysis result for SHA-256 92cc8a77fb142c6d…

MALICIOUS

PDF

44.3 KB Created: 2020-12-22 13:11:09 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2026-06-05
MD5: 565628a2dd07d9aa0ed843290469680e SHA-1: 939844c870602882a18e136f2e1685ee817ff367 SHA-256: 92cc8a77fb142c6d817535b7b09f7040931c8d49730ecd07c9d67797cc1c2c5a
134 Risk Score
Tags
free-cdn-ebook-manual-lure

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file was detected as malicious by ClamAV and an ML classifier. It contains a lure related to 'woodworking hand tools' and an embedded link that redirects to a suspicious URL, likely for phishing purposes. The PDF structure and embedded content suggest an attempt to exploit user curiosity or need for information to lead them to a malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5927

Heuristics 4

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINK
    PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://trafftec.ru/strik?utm_term=woodworking+hand+tools+near+me PDF link annotation
    • https://cdn-cms.f-static.net/uploads/4418777/normal_5f98bdb422f0e.pdfIn PDF document text
    • https://pixogujoxekame.weebly.com/uploads/1/3/4/7/134715770/b79fa703ba2.pdfIn PDF document text
    • https://uploads.strikinglycdn.com/files/2ed7e5c3-d5ba-4203-93b1-89af2cb417dc/62882938962.pdfIn PDF document text
    • https://uploads.strikinglycdn.com/files/0e94e057-e692-4f54-b543-3afe637a8e62/prepare_the_journal_entry_to_record.pdfIn PDF document text
    • https://uploads.strikinglycdn.com/files/527e8959-253a-47aa-a37d-f9eb01faf722/xidolawuv.pdfIn PDF document text
    • https://uploads.strikinglycdn.com/files/40a96e4d-a334-4e45-9f0d-688939f3bab7/ucsd_biology_course_offerings.pdfIn PDF document text
    • https://uploads.strikinglycdn.com/files/45446871-8bff-4d1e-8c20-ba8de7617284/root_zenfone_apk_uptodown.pdfIn PDF document text
    • https://uploads.strikinglycdn.com/files/ff0561d7-db96-476f-880f-989e47f5b599/86941322126.pdfIn PDF document text
    • https://uploads.strikinglycdn.com/files/3282d774-a260-4982-8fb9-57888a0480a5/crazy_football_player_stats.pdfIn PDF document text
    • https://s3.amazonaws.com/sizabo/jivofewixutir.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.