Malicious PDF — malware analysis report

Static analysis result for SHA-256 969da4e55d267f4f…

Verdict: MALICIOUS
File type: PDF
Size: 52.6 KB
Created: 2021-01-02 13:16:58 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-27
MD5: 6e861c02a2a3eb21a56adeaa6e109684
SHA-1: ad6f2c73978ccbb2030a5b802ec4ec5f988c77c4
SHA-256: 969da4e55d267f4f7532106eb58d2a8ea4ae9c18c984a69f16a51def99e9fab0
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A critical heuristic fired on a clickable link to known redirector infrastructure, 'https://traffine.ru/aws?utm_term=frisian+dew+outdoor+report', and the ML classifier independently scored the document as malicious. No JavaScript or other active content was extracted, so the document is not exploiting a PDF parser weakness; it is a wkhtmltopdf-rendered lure whose text carries the redirector URL, alongside links to further hosted PDFs, and it depends on the user clicking through a redirect chain. The likely outcome is phishing, the SEO/adware delivery that the redirector heuristic associates with this infrastructure, or download of a secondary payload. Because the chain only starts on user interaction, a sandbox detonation without a click will show no network activity; triage the URL and its redirect chain directly instead.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6791

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://traffine.ru/aws?utm_term=frisian+dew+outdoor+report (in PDF document text; the redirector link flagged above)
    • https://static.s123-cdn-static.com/uploads/4453098/normal_5feee5c345a83.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4410217/normal_5f938ce660ee1.pdf (in PDF document text)
    • https://cdn.sqhk.co/xuxozowaki/agdEiik/poached_egg_in_microwave_in_mug.pdf (in PDF document text)
    • https://cdn.sqhk.co/latipizi/SQ6PQLQ/choice_of_games_forum.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4451954/normal_5fdc7604168e6.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4401972/normal_5fe5e4a9dc647.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4374188/normal_5fe179dc280b2.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4462046/normal_5fc9534d09d00.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4366398/normal_5f91f9a78a3f9.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4367645/normal_5f9f7be44f2a1.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/fa6d42e7-96d2-428c-8f2b-40c79690d967/1._what_is_the_price_elasticity_of_demand.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/c38105fe-e212-4cc1-a8a0-71ee2ff5b083/14678557572.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/a5d005dc-6fd7-483b-960d-4e3fd2222af6/kapuzuzadeziwowoxi.pdf (in PDF document text)
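The per-URL channel labels above (link annotation, JavaScript, document text) and the redirector heuristic can be reproduced statically with a small scanner. The following is an added example, not the analysis platform's code: it inflates FlateDecode streams (the filter wkhtmltopdf emits), looks for URI actions and JavaScript actions in both plain objects and PDF 1.5 object streams, treats URLs found in page content streams as document text, and matches hosts against a watchlist. The helper names, the constructed sample PDF and the watchlist (seeded only with the domain this report flags) are assumptions of the example.

```python
"""Channel-aware static URL extraction from a PDF.

Added example, not the analysis platform's code. Assumed (not from the
report): the helper names below, the constructed sample PDF, and the
REDIRECTOR_DOMAINS watchlist, seeded only with the domain the report flags.
"""
import re
import zlib
from urllib.parse import urlsplit

# Constructed watchlist: the one domain this report labels as redirector
# infrastructure. A real tool would load this from threat-intel feeds.
REDIRECTOR_DOMAINS = {"traffine.ru"}

# Stops at PDF delimiters, so a URL inside a literal string "(...)" ends cleanly.
URL_RE = re.compile(rb"https?://[^\s()<>\[\]{}'\"\\]+")


def _streams(pdf: bytes):
    """Yield (is_object_stream, body) for each stream, inflating FlateDecode.

    The owning dictionary is taken as the bytes between the last 'obj'
    keyword and the 'stream' keyword; enough for well-formed files and it
    avoids writing a full object parser.
    """
    for m in re.finditer(rb"\bstream\r?\n(.*?)\r?\nendstream", pdf, re.S):
        prefix = pdf[max(0, m.start() - 512):m.start()]
        dictionary = prefix[max(prefix.rfind(b" obj"), 0):]
        body = m.group(1)
        if b"/FlateDecode" in dictionary:
            try:
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                continue  # corrupt or non-zlib data: skip rather than crash
        yield b"/ObjStm" in dictionary, body


def _actions(blob: bytes, add):
    """Record URLs reachable through URI actions and JavaScript actions."""
    # /A << /S /URI /URI (https://...) >>  (literal string form)
    for m in re.finditer(rb"/URI\s*\(([^)]*)\)", blob):
        add(m.group(1), "link annotation")
    # /URI <68747470...>  (hex string form, which defeats a naive grep)
    for m in re.finditer(rb"/URI\s*<([0-9A-Fa-f\s]*)>", blob):
        add(bytes.fromhex(re.sub(rb"\s", b"", m.group(1)).decode()), "link annotation")
    # /S /JavaScript /JS (...)  -- report any URL mentioned inside the script
    for m in re.finditer(rb"/JS\s*\(((?:[^()\\]|\\.)*)\)", blob, re.S):
        for url in URL_RE.findall(m.group(1)):
            add(url, "javascript")


def extract_urls(pdf: bytes) -> dict:
    """Map each URL (str) to the set of channels that reach it."""
    found = {}

    def add(url: bytes, channel: str):
        found.setdefault(url.decode("latin-1"), set()).add(channel)

    _actions(pdf, add)  # dictionaries stored as plain, uncompressed objects
    for is_objstm, body in _streams(pdf):
        if is_objstm:
            _actions(body, add)  # PDF 1.5+ packs dictionaries into object streams
        else:
            for url in URL_RE.findall(body):  # page content, i.e. visible text
                add(url, "document text")
    return found


def flag_redirectors(found: dict) -> list:
    """Return [(url, sorted channels)] for URLs whose host is on the watchlist."""
    hits = []
    for url, channels in found.items():
        host = urlsplit(url).hostname or ""
        if host in REDIRECTOR_DOMAINS or any(host.endswith("." + d) for d in REDIRECTOR_DOMAINS):
            hits.append((url, sorted(channels)))
    return hits


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF (not the report's sample): one page whose
    FlateDecode content stream prints the redirector URL as text, plus a
    /Link annotation to the same URL, as wkhtmltopdf emits for <a href>.
    No xref table is written; regex scanning does not need one."""
    url = b"https://traffine.ru/aws?utm_term=frisian+dew+outdoor+report"
    content = zlib.compress(b"BT /F1 10 Tf 72 700 Td (Download: " + url + b") Tj ET")
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content)
        + content + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (" + url + b") >> >>",
    ]
    out = b"%PDF-1.4\n"
    for num, obj in enumerate(objects, 1):
        out += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    urls = extract_urls(build_sample_pdf())
    for url, channels in urls.items():
        print(url, "<-", ", ".join(sorted(channels)))
    print("redirector hits:", flag_redirectors(urls))
```

On the constructed sample the redirector URL is reported under both "link annotation" and "document text", which is the combination the two critical heuristics above key on. Limits worth knowing before relying on this for triage: a URL that the renderer split across several Tj operators or a kerned TJ array will not match as one string, literal-string escapes such as \( and octal \ddd are not decoded, and only FlateDecode is inflated (LZW, ASCIIHex or chained filters need a real PDF library).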