Malicious PDF — malware analysis report

Static analysis result for SHA-256 e35a2b79df1824ba…

MALICIOUS

PDF

Size: 50.6 KB
Created: 2020-10-28 06:02:35 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 2045e5f28a7a99e09d3ff84c1cc868a3
SHA-1: 6c2ef6e9704e87d90bfd9c8214dd1880f47cbf3d
SHA-256: e35a2b79df1824ba1bed6a939bafd878c916edf2cb38fcffa701d43c837b6719
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a link that redirects to known malicious infrastructure, disguised as a commentary PDF. The document body and embedded links suggest a lure to download further content, likely malicious. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9971

Heuristics (3)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://gettraff.ru/strik?keyword=john+15+commentary+pdf