Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa21717b93d50575…

Verdict: MALICIOUS
File type: PDF
Size: 32.0 KB
Created: 2020-10-21 18:28:50 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: d9a21e09d1661bf57f46a8761e4d6d9b
SHA-1: c3b92cfcd74fdbd289f842462ad10045cad87561
SHA-256: aa21717b93d50575a671f46bd634edbea2c87979bbccb8973452c0a1feb387a3
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, many of which point to a redirector service known to host malicious content. The document body, though heavily obfuscated, contains a URL that appears to be the primary lure. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9987

Heuristics (3)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://ttraff.com/123?keyword=class+11+cbse+physics+practical+book+pdf