Malicious PDF — malware analysis report

Static analysis result for SHA-256 9cdcd070791f0044…

MALICIOUS

PDF

47.6 KB Created: 2021-02-24 18:45:37 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0a130534b6fb395a561dd7bc288b3c43 SHA-1: b504a145e978b2c86d125e744c8c281a7baa7989 SHA-256: 9cdcd070791f004421b32618e245cc0602b241d98d743b28e3e9381bc5fb1035
172 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document is designed as a lure, presenting itself as a 'Maths formulas' PDF but containing only an image and a malicious redirect link. The primary malicious URL, https://yafferge.ru/award?keyword=maths+formulas+upto+10th+class+pdf, is flagged as a known malicious redirector. The document's structure and the presence of a malicious link strongly indicate a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7448

Heuristics 4

  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 47 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://yafferge.ru/award?keyword=maths+formulas+upto+10th+class+pdf
    • http://dumubemajizukov.medianewsonline.com/gabogowuli.pdf
    • https://cdn.sqhk.co/tizesefetus/hbfiagj/united_for_respect_rise_up_retail.pdf
    • https://norusukesalija.weebly.com/uploads/1/3/4/3/134356509/pedadojaxepatoxabik.pdf
    • http://gejesixave.scienceontheweb.net/30668743068.pdf
    • http://jujibej.iblogger.org/google_chrome_beta_app.pdf
    • http://nugajawoteb.iblogger.org/barevikiwezajax.pdf
    • http://xulubapatoso.scienceontheweb.net/87662354558.pdf
    • https://mavezuwunokil.weebly.com/uploads/1/3/4/6/134627141/xupeje_pabibifiseved_lozinonapekenu.pdf
    • https://muxilakenakujud.weebly.com/uploads/1/3/4/0/134012833/najogeboxep-kunuxu-vorufedu.pdf
    • https://cdn.sqhk.co/rabataxuvax/jaifKQv/81124268285.pdf
    • https://cdn.sqhk.co/donuvoduvedo/ehhMjhp/kafatadukabanekupijixi.pdf
    • http://fanisore.sportsontheweb.net/platicas_prebautismales_cuauhtemoc_chihuahua.pdf
    • http://bivojeda.atwebpages.com/jovos.pdf
    • http://mowiwanafiv.epizy.com/java_number_format_two_decimal_places.pdf
    • http://lumaradidufil.epizy.com/binoxiwusexubedodut.pdf
    • http://mesesoriran.epizy.com/8492060924.pdf
    • http://luvabokinoleg.onlinewebshop.net/the_road_less_traveled_ebook.pdf
    • http://dodadugiwajazar.rf.gd/accidents_report_los_angeles.pdf
    • http://zorijofoxafa.epizy.com/best_cctv_camera_app_for_android.pdf
    • http://kavibajegis.onlinewebshop.net/how_to_remove_delonghi_infuser.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.