Malicious PDF — malware analysis report

Static analysis result for SHA-256 9824e3296c7b1baf…

Verdict: MALICIOUS
File type: PDF
Size: 52.6 KB
Created: 2020-12-16 23:47:06 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-17
MD5: 7db19e5276572a428c0594cc02a8f7b5
SHA-1: bd33f3047515e2c60fc5bebed84d8c4746b311db
SHA-256: 9824e3296c7b1baf99a07abc4e3998a9b8bc200b8cbaa5f25410ba9fbbf49eef
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a link to a known malicious redirector, which is also flagged by ClamAV as 'Pdf.Phishing.Trojan'. The document body, though heavily obfuscated, contains text related to 'Counter Strike Nexon Zombies for PC', suggesting a lure for users seeking game downloads. The presence of a malicious URL and the ClamAV detection strongly indicate a phishing or trojan distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7015

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://cctraff.ru/aws?utm_term=counter+strike+nexon+zombies++for+pc (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4404528/normal_5f9d7723998d4.pdf (In PDF document text)
    • https://static.s123-cdn-static.com/uploads/4459463/normal_5fca0b60badfa.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4451757/normal_5fc269ece6c3e.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/7a48e7d6-a6ad-4188-8e76-e655fc881d6e/arch_of_titus_ark_of_the_covenant.pdf (In PDF document text)
    • https://static1.squarespace.com/static/5fc0dd745bcb0228a2824d01/t/5fc55d809ee0f32b8706df04/1606770049496/dream_girl_full_movie_watch_online_free_fmovies.pdf (In PDF document text)
    • https://static1.squarespace.com/static/5fc13d0827a199023ab79d37/t/5fc3b13f5147b14804a3c339/1606660419593/charter_error_code_408.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/a13b867a-428b-4710-b1c6-f8707571903c/casio_fx_991ex_manual.pdf (In PDF document text)
    • https://static1.squarespace.com/static/5fc703795c272238a8179ca4/t/5fc93ea74af2d138565d810e/1607024295760/zoo_craft_animal_family_mod_apk_android_1.pdf (In PDF document text)
    • https://static1.squarespace.com/static/5fc37f170b6b03258f45d436/t/5fc48dbcf8cdb769c675144c/1606716860682/nevutuwi.pdf (In PDF document text)
    • https://s3.amazonaws.com/nosepevozux/gotusuze.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/f4f31ae1-5f44-4ebd-ad88-57a9b4ed60da/zeronoloxupogov.pdf (In PDF document text)
    • https://s3.amazonaws.com/zikeko/79788024048.pdf (In PDF document text)