Malicious PDF — malware analysis report

Static analysis result for SHA-256 b4a1c31cd42d3a30…

MALICIOUS

PDF

Size: 24.6 KB
Created: 2020-10-25 20:53:09 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 6e62b42cb5385aa710490a366a9bde9f
SHA-1: f22a8b75519c6ec01e93cf1e4337a3d1edce0084
SHA-256: b4a1c31cd42d3a30dce911869434ca694458823dfdb4fe9cd3837fe0dda06c4c
Risk Score: 112

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document is designed as an image-only lure, typical of phishing attempts, to entice users to click on a link. This link, identified as a malicious redirector, leads to external infrastructure. The document body contains text related to 'PDF to word converter software', suggesting a pretext for the malicious link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9959

Heuristics (3)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Image-only document with action trigger (screenshot lure) [medium] PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 24 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://cctraff.ru/aws?keyword=pdf+to+word+converter+software+free+download+trial+version