MALICIOUS
60
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link to a known malicious redirector, http://botcraftman.ru/, which is a strong indicator of malicious intent. The embedded URL is likely used to lure the user to a site that hosts further malicious content or phishing forms. No scripts were extracted, limiting the analysis of specific behaviors.
Heuristics 2
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://botcraftman.ru/?lip&keyword=Toshiba+ac100+117+%D0%BF%D1%80%D0%BE%D1%88%D0%B8%D0%B2%D0%BA%D0%B0&charset=utf-8
- http://img1.liveinternet.ru/images/attach/c/7//4741/4741010_lite__modification__71_.pdf
- http://img0.liveinternet.ru/images/attach/c/7//4740/4740708_plug__dlya__kultivatora_.pdf
- http://img1.liveinternet.ru/images/attach/c/7//4741/4741084_devushki__zastavlyayut__pit_.pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000515cf.binfad9153fe2b6f47f2903d2f2138202dc81a6c845454900d741e62795c51defb3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x515CF | 8392 bytes |
font_01_sfnt_off00052ce7.bin0b79cf33eb6f05c19a32dc34135d8a080c57b1d5865bfa5692deea955d2165a3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x52CE7 | 16060 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.