PDF malware analysis — malicious · f3d104b2bbe7e509

MALICIOUS

PDF

16.0 KB Created: 2020-10-26 16:33:35 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: 08d877b7656d4cb5c2bf37eff8c76b2b SHA-1: ffc59bd07b1e35783f99db872d2f06cfc5d16363 SHA-256: f3d104b2bbe7e509bb93a75a4473f89e17467966b19f7bfae1b00249c9d90cd2

92 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF contains a heuristic firing for a malicious redirector link pointing to 'https://cctraff.ru/123?keyword=trastorno+mental+transitorio+pdf'. The ML classifier also flagged this PDF with high confidence. Although no scripts were explicitly extracted, the nature of the redirector suggests an attempt to lure the user to a malicious site, likely as part of a phishing or malware delivery scheme.

Machine Learning

Nyx PDF Classifier malicious score 0.9937

Heuristics 2

PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://cctraff.ru/123?keyword=trastorno+mental+transitorio+pdf

Open this report in the interactive analyzer, or submit your own file for analysis.