PDF malware analysis — malicious · c7bf02f6e4d33cf3

MALICIOUS

PDF

50.2 KB Created: 2021-03-08 21:37:41 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-05-22

MD5: 2ae507bdc52f0589f43e9d606f2c4bf2 SHA-1: e36eee0a01d1eebb77abefd53e9ec989bbdbfda0 SHA-256: c7bf02f6e4d33cf336740d026604b7343f4b7a24e22a96528fa8bfd33b662f46

152 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file was flagged by multiple heuristics, including a critical alert for linking to known malicious redirector infrastructure. The embedded URL points to a domain associated with phishing or malware distribution. While no scripts were explicitly extracted, the PDF structure and the presence of a malicious URL strongly suggest an attempt to redirect the user to a harmful site, likely for credential harvesting or further malware delivery.

Machine Learning

Nyx PDF Classifier malicious score 0.6121

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://crophysi.ru/award?keyword=what+is+binary+number+system+pdf In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.