Malicious PDF — malware analysis report

Static analysis result for SHA-256 d13b01236bcbe08c…

Verdict: MALICIOUS
File type: PDF
Size: 38.0 KB
Created: 2020-08-31 05:25:10 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c30df085ad7a82ad62049ffc76056016
SHA-1: 92650b795e3816d7baa46328547fe1059af93f03
SHA-256: d13b01236bcbe08c283ce9e437c74b7a1c3868d3d1cf9ea0de565fe1a755b71e
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF triggers a critical heuristic for a clickable link to the malicious redirector 'ttraff.com'. It also has the characteristics of a PDF link farm: numerous embedded URLs, many pointing to Shopify-hosted PDFs. The ML classifier also strongly flagged this PDF as malicious. The primary attack vector appears to be social engineering via a malicious link, likely leading to a phishing or malware download page.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://ttraff.com/wix?keyword=onkyo+ht+r590

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename / Kind / Source / Size

  • font_00_sfnt_off00004a8e.bin
    SHA-256: c51f0a2b24d3bf87487fe16149ba673c6c9d7e2cebec5d9693b5a7ee8b091cfb
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x4A8E
    Size: 4588 bytes
  • font_01_sfnt_off00005a20.bin
    SHA-256: 6aee422682f8b0cbe902a39d91527b8b3273e04799a54e3299ea74285f377e70
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x5A20
    Size: 10396 bytes
  • font_02_sfnt_off00007d86.bin
    SHA-256: 4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x7D86
    Size: 4324 bytes