Malicious PDF — malware analysis report

Static analysis result for SHA-256 ecd31fc65b407e47…

Verdict: MALICIOUS

File type: PDF

Size: 18.8 KB
Created: 2020-10-26 12:12:19 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 7b8ee36cf533faa053fe3c30972ffd28
SHA-1: 2346590d4e815cb2273bb6ec714599c25fd551f0
SHA-256: ecd31fc65b407e4714a76b1b2628500628ac824e0de8378d4151d3cc42d18b7b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains an embedded link that redirects to known malicious infrastructure, as indicated by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, contains the same malicious URL. This suggests the primary goal is to trick the user into visiting a malicious site, likely for further exploitation or phishing.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9968

Heuristics (2)

  • [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF links to known malicious redirector infrastructure
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels state which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://cctraff.ru/pify?keyword=dixit+cards+pdf+free+download