Malicious PDF — malware analysis report

Static analysis result for SHA-256 ae2630f4eb761a1c…

Verdict: MALICIOUS
File type: PDF
Size: 122.6 KB
Created: 2021-01-23 01:01:15 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-11
MD5: 275959f26a69aea7ae5427cffb1972c1
SHA-1: 3a408bbc12b435977b8dd9d7c41d83e2e05fcfa4
SHA-256: ae2630f4eb761a1c74c8df2317e1fc6240936eb547da18a551946b0a08359c2c
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains an embedded URL that redirects to a known malicious domain, indicating a phishing or malware distribution attempt. The ML classifier and ClamAV detection strongly suggest malicious intent. Although no scripts were extracted, the presence of a malicious redirector URL is a high-confidence indicator of an attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9184

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.