Malicious PDF — malware analysis report

Static analysis result for SHA-256 d452e0b06e8b927c…

Verdict: MALICIOUS
File type: PDF
Size: 356.3 KB
Created: 2015-08-21 09:13:31 +03:00
Authoring application: wkhtmltopdf 0.12.2.4 (via Qt 4.8.6)
MD5: 4fb6543d80f627287cb96962acdc7809
SHA-1: acc0834a11d81b20c57cf3bd7ca08284fd0cdca3
SHA-256: d452e0b06e8b927c260a63468eb2e27c301bacb7f6204e887909a7aa82c453ae
Risk score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a link that redirects to a known malicious domain, masquerading as a Wi-Fi password hacking tool. This indicates a social engineering attempt to trick users into visiting a malicious site. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the exact payload.

Heuristics (2)

  • PDF links to known malicious redirector infrastructure (severity: critical; rule: PDF_MALICIOUS_REDIRECTOR_LINK)
    The PDF contains a clickable URI pointing to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://botcraftman.ru/?lip&keyword=wifi+password+hack+v5+%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C&charset=utf-8

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00054764.bin
    SHA-256: 76c39170f35096e15295a392331a81fe36c74754784f2d7ed28c52acc84bd638
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x54764
    Size: 10048 bytes
  • Filename: font_01_sfnt_off0005634f.bin
    SHA-256: e196189621ec1cc9777460ac67a11cac3fbf8134af26c26f559b1f3fcf963f55
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x5634F
    Size: 15348 bytes