Malicious PDF — malware analysis report

Static analysis result for SHA-256 d2b8cfe054e55b28…

MALICIOUS

PDF

Size: 48.6 KB
Created: 2020-11-02 03:29:17 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 9452c7ad0f35aa87997b3b5e7583f5b5
SHA-1: 659059d6a73ecee4a3dd682df8795324b2a0ffd1
SHA-256: d2b8cfe054e55b287b27e4707a570e4253ee413ef77b35505ce716397e0179d2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a link that redirects to known malicious infrastructure, as indicated by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, contains the same URL, suggesting an attempt to trick the user into clicking it. No scripts were extracted, but the presence of a malicious redirector link is a strong indicator of a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9982

Heuristics 2

  • PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://gettraff.ru/strik?keyword=the+advertising+concept+book+pdf