Malicious PDF — malware analysis report

Static analysis result for SHA-256 f593929c4066730e…

MALICIOUS

PDF

Size: 41.6 KB
Created: 2020-12-17 21:46:01 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2026-06-05
MD5: ea1109093ded3ab291b272c49b1c74e0
SHA-1: b4cc9d326b46eb681c56fbcddb558f8e4349b350
SHA-256: f593929c4066730e8405ac25d92aff3f4757b1c9037f945d1b8bc41932b6f699
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a link to a known malicious redirector, traffmen.ru, which is a strong indicator of phishing or malware distribution. The document body, though heavily obfuscated, suggests a lure related to free Android game downloads, a common tactic for distributing malicious applications. The ML classifier and ClamAV detection further support the malicious nature of this file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9297

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://traffmen.ru/aws?utm_term=basketball+games+for+android+apk+free (in PDF document text)