Malicious PDF — malware analysis report

Static analysis result for SHA-256 a779c953ccc59f53…

Verdict: MALICIOUS
File type: PDF

Size: 33.6 KB Created: 2020-09-29 19:57:23 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 8a14bbbc6f7a7d8fde3411eb19532249 SHA-1: ee4534e34d58bae7c5e87bbf1351c817fc0b1f40 SHA-256: a779c953ccc59f5374747dcfa1aeb835f1ea246cb1f45994bdf5882a50a53a44
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell (note: none of the heuristics or extracted indicators in this report show PowerShell or any script execution; the only observed behaviour is a clickable URI to redirector infrastructure, so this mapping is not corroborated by the findings below)

The PDF triggers a heuristic for a malicious redirector link. The embedded URL points to 'ggtraff.ru', a domain known to host malicious content. The document body, though heavily obfuscated, also contains this URL, which suggests it is the primary lure. The file type and the nature of the URL indicate a phishing or redirection attack that depends on the user clicking the link rather than on a PDF parser vulnerability.

Heuristics (2)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://ggtraff.ru/strik?keyword=aristotle+nicomachean+ethics+book+6+pdf
    • http://files.bigtrecreation.com/uploads/1/3/1/3/131379612/fasezojozixuf.pdf
    • http://susozuzo.stonyhilldental.com/uploads/1/3/1/4/131438362/wokumivez.pdf
    • http://zesetetiz.appmarc.com/uploads/1/3/0/8/130814408/9cfb96.pdf
    • http://zesek.wyohousing.com/uploads/1/3/0/8/130815017/1412260.pdf
    • http://kubimire.shonscience.com/uploads/1/3/1/4/131453526/judinitorolojun-zesusekuzivavuj.pdf
    • http://files.durjavaoriginals.com/uploads/1/3/1/3/131381946/pojekukatez_bajojuf.pdf
    • http://maravifo.sassyarabia.com/uploads/1/3/0/8/130874426/2567911.pdf
    • http://zuver.starmetallizing.com/uploads/1/3/1/4/131453980/fuvisod.pdf
    • https://uploads.strikinglycdn.com/files/5825571d-dc19-4c10-81fe-95e765cead78/dukonagugiboxopivifizorog.pdf
    • https://uploads.strikinglycdn.com/files/5b154ee9-4343-4aee-b156-8f12d79359b4/97231870371.pdf
    • https://uploads.strikinglycdn.com/files/d4717992-e00a-47a5-9039-2556a578a6c8/zabojarupogasijir.pdf
    • https://uploads.strikinglycdn.com/files/18563366-b9ba-49dd-97e8-5a14dc0e6ba5/jimaluser.pdf
    • https://uploads.strikinglycdn.com/files/caaa52d7-13a3-460c-ba22-7db33b7d8a9b/lovuriwarevitifet.pdf
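The two heuristics above rest on a per-channel URL extraction: a /URI inside a /Link annotation is a clickable lure, while a URL sitting in the page text is only corroboration. The script below is an added example of that extraction and is not the analysis platform's own code. It is a standard-library, regex-based scanner: it pulls /URI literals from link annotations, inflates FlateDecode content streams and searches them for URLs, and then matches each URL's host against a small redirector denylist seeded with the ggtraff.ru domain from this report. The sample PDF it scans is constructed inline (one page, one link annotation, one compressed content stream, no xref table); the function and constant names are this example's own. Objects packed into object streams are invisible to this approach and need a real parser such as pikepdf or pdfminer.

```python
"""Per-channel URL extraction from a PDF and matching against redirector domains.
Added example, not the analysis platform's code. Regex-based: it does not parse
object streams, cross-reference tables or non-Flate filters."""
import re
import zlib
from urllib.parse import urlparse

# Redirector domain named in the report; extend from your own intel.
REDIRECTOR_DOMAINS = {"ggtraff.ru"}

# /URI (...) literal string; parentheses inside it may be backslash-escaped.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
URL_RE = re.compile(rb"https?://[^\s<>()\"']+")
# "stream" keyword that opens a stream body (not the tail of "endstream").
STREAM_START_RE = re.compile(rb"(?<!end)stream\r?\n")
# Direct /Length only; an indirect one ("5 0 R") falls back to the endstream search.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\d)(?!\s+\d+\s+R)")


def _unescape(lit: bytes) -> bytes:
    return lit.replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")


def extract_urls(pdf: bytes) -> list:
    """Return (channel, url) pairs found in the raw PDF bytes."""
    found = []
    # Channel 1: clickable /Link annotations, i.e. /A << /S /URI /URI (...) >>.
    for m in URI_RE.finditer(pdf):
        found.append(("link_annotation", _unescape(m.group(1)).decode("latin-1")))
    # Channel 2: document body, i.e. stream contents, inflating FlateDecode streams.
    for m in STREAM_START_RE.finditer(pdf):
        obj_start = pdf.rfind(b" obj", 0, m.start())
        stream_dict = pdf[obj_start:m.start()]
        length = LENGTH_RE.search(stream_dict)
        if length:
            body = pdf[m.end(): m.end() + int(length.group(1))]
        else:
            body = pdf[m.end(): pdf.find(b"endstream", m.end())].rstrip(b"\r\n")
        if b"/FlateDecode" in stream_dict:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue  # corrupt or multi-filter stream: skip rather than guess
        for u in URL_RE.findall(body):
            found.append(("document_body", u.decode("latin-1")))
    return found


def flag_redirectors(found: list) -> list:
    """Keep only URLs whose host is, or is a subdomain of, a known redirector domain."""
    hits = []
    for channel, url in found:
        host = (urlparse(url).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in REDIRECTOR_DOMAINS):
            hits.append((channel, url))
    return hits


def build_sample_pdf(lure_url: bytes, body_urls: list) -> bytes:
    """Constructed minimal PDF: one page, one /Link annotation to lure_url and a
    FlateDecode content stream whose text contains body_urls. No xref table is
    written; the regex scanner above does not need one."""
    text = b" ".join(b"(" + u + b") Tj" for u in body_urls)
    content = zlib.compress(b"BT /F1 12 Tf 72 720 Td " + text + b" ET")
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content)
        + content + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 700 300 730] "
        b"/A << /S /URI /URI (" + lure_url + b") >> >>",
    ]
    out = b"%PDF-1.4\n"
    for num, body in enumerate(objs, 1):
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# Constructed sample: the report's lure URL as the clickable link and again in the
# page text, plus a benign URL that must not be flagged.
LURE = b"https://ggtraff.ru/strik?keyword=aristotle+nicomachean+ethics+book+6+pdf"
SAMPLE_PDF = build_sample_pdf(LURE, [LURE, b"https://example.org/terms"])


if __name__ == "__main__":
    urls = extract_urls(SAMPLE_PDF)
    for channel, url in urls:
        print(f"{channel:16} {url}")
    print("redirector hits:", flag_redirectors(urls))
```

Run it as a script to see the three extracted URLs labelled by channel and the two ggtraff.ru hits; point `extract_urls` at `open(path, "rb").read()` for a real sample. Slicing stream bodies by the direct /Length value, rather than searching for the next `endstream`, is deliberate: inflated data can legitimately end in `\r` or `\n`, and trimming those bytes would corrupt the decompression.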