PDF malware analysis — malicious · b09b41e658b64e2c

MALICIOUS

PDF

100.2 KB Created: 2021-01-06 21:55:24 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-10-05

MD5: 173f55e87eb95e9a93d38238fc581438 SHA-1: 68e0673972deb32ef25d1d81636f537740d9c6ab SHA-256: b09b41e658b64e2c5ce9006fbd5b4409dec4dc8a4245dfb664929571213ad0ba

122 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file was flagged by ClamAV as malicious and contains a critical heuristic indicating a link to known malicious redirector infrastructure. The embedded URL, https://traffine.ru/aws?utm_term=zoster+ophthalmicus+guidelines, likely serves as a lure to a phishing or malware distribution site. No scripts were extracted, but the presence of a malicious redirector strongly suggests a phishing or credential harvesting attempt.

Machine Learning

Nyx PDF Classifier clean score 0.1056

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://traffine.ru/aws?utm_term=zoster+ophthalmicus+guidelines In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.