Malicious PDF — malware analysis report

Static analysis result for SHA-256 e7bffec9810cdbc6…

MALICIOUS

PDF

Size: 31.6 KB
Created: 2020-10-25 21:56:56 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5fb7fa6f41de63a05a5bf4c94657aeb1
SHA-1: 3e44a3733f37a25d1eb1a99aa222f27d82ad6b01
SHA-256: e7bffec9810cdbc6da2a8d17ba24b0f77174b4a9e6e82ea78574d66547be56f0
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a link that redirects to malicious infrastructure, as indicated by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The embedded URL is disguised as a textbook download, suggesting a phishing or social engineering lure. No scripts were extracted, but the presence of a malicious redirector is a high-confidence indicator of malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9973

Heuristics 2

  • PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://gettraff.ru/strik?keyword=managerial+accounting+15th+edition+g