Malicious PDF — malware analysis report

Static analysis result for SHA-256 dbfebf31a0c9d794…

MALICIOUS

PDF

Size: 33.6 KB
Created: 2020-10-05 18:46:32 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 58eb99334ea50e4f9f315acec2a39b57
SHA-1: 9598c80ff596c583788532660e48df4c3eb63c0a
SHA-256: dbfebf31a0c9d7943d02c837eeec792a74ea5702840a63b7f8b2f4b35f0ed82d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on a malicious redirector link in the PDF, pointing to 'https://gettraff.ru/strik?keyword=furman+5k+training+plan'. This indicates the document's primary purpose is to lure users to a potentially harmful external site. While no scripts were explicitly extracted, the presence of embedded URLs and the ML classifier's high confidence suggest malicious intent, likely for phishing or malware delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9947

Heuristics (2)

  • PDF links to known malicious redirector infrastructure | critical | PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://gettraff.ru/strik?keyword=furman+5k+training+plan