MALICIOUS
60
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains an embedded link that points to a known malicious redirector infrastructure. This suggests the document is designed to lure the user to a potentially harmful website. The file was generated by wkhtmltopdf, which can sometimes be used to package malicious content.
Heuristics 2
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://botcraftman.ru/?lip&keyword=%D1%81%D0%B5%D1%80%D0%B2%D0%B5%D1%80+%D1%82%D0%B5%D1%80%D0%BC%D0%B8%D0%BD%D0%B0%D0%BB%D0%BE%D0%B2+%D0%BD%D0%B0+windows+xp&charset=utf-8
- http://img0.liveinternet.ru/images/attach/c/7//4772/4772002_dogovor__bezvozmezdnogo__polzovaniya_.pdf
- http://img1.liveinternet.ru/images/attach/c/7//4771/4771939_tanki__onlayn__chit_.pdf
- http://img1.liveinternet.ru/images/attach/c/7//4771/4771984_adobe__acrobat__x_.pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000527f0.bin6e599a8febbc6163d9f0a295d10d14601d4f8adfb982600c72944ed6533ad430 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x527F0 | 9068 bytes |
font_01_sfnt_off00054155.binf4d217e3cd5f32adec31cf8ca05d31c9e83ddc66affde47f0f11ec4f9aa2b4a2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x54155 | 15792 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.