Malicious PDF — malware analysis report

Static analysis result for SHA-256 e408a5dfa4bddf02…

MALICIOUS

PDF

Size: 66.8 KB
Created: 2020-10-03 13:53:31 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-22
MD5: afb738ffd2506751fae3c9fad17502ac
SHA-1: 8ec0c8ae62f5dd58667604684804e33e4a513f0b
SHA-256: e408a5dfa4bddf02c71f97c6dd00c6834f8176073353d5ddc2f8b7c9af17d4e1
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains embedded links that redirect to a known malicious domain, ggtraff.ru. This indicates the document is likely a lure to direct users to a malicious site, potentially for phishing or to download further malware. The ML classifier also flagged this PDF with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9713

Heuristics 2

  • PDF links to known malicious redirector infrastructure (severity: critical; ID: PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://ggtraff.ru/strik?keyword=auditoria+administrativa+amador+sotomayor+pdf (in PDF document text)