Malicious PDF — malware analysis report

Static analysis result for SHA-256 9dd960424ee65206…

MALICIOUS

PDF

Size: 59.4 KB
Created: 2020-11-13 15:37:18 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c5643f90a3ea95dd10f955d993dfbb58
SHA-1: cec5efb4ee88d0e6e94db40fdb8e898bcfa4adce
SHA-256: 9dd960424ee65206d464c65c0dabe48829c1950bdb150a1967cda843307b2044
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a critical heuristic firing indicating a link to known malicious redirector infrastructure. The ML classifier also flagged the document as malicious. The embedded URL 'https://gettraff.ru/aws?utm_term=anushka+shetty+movie' is the primary indicator of malicious intent, likely serving as a lure for phishing or to download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8062

Heuristics (3)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://gettraff.ru/aws?utm_term=anushka+shetty+movie