Malicious PDF — malware analysis report

Static analysis result for SHA-256 ff7b51829192fe7d…

MALICIOUS

PDF

File size: 17.6 KB
Created: 2020-10-24 02:02:09 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2026-06-05
MD5: ea0f24c6930f2ca5365cd557483fe34b
SHA-1: c31614b680641a360c23c946af18f16234e75ca0
SHA-256: ff7b51829192fe7ddeb5cf3b07372d27a8571854ca0f914c52e741e524287121
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A critical heuristic fired on this PDF, indicating a link to known malicious redirector infrastructure. The embedded URL `https://ttraff.cc/aws?keyword=css+code+annex+13+pdf` is the primary indicator of malicious intent. Although no scripts were extracted, the nature of the redirector suggests a phishing or malware delivery attempt, which aligns with the Spearphishing Attachment technique.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9983

Heuristics (2)

  • PDF links to known malicious redirector infrastructure (severity: critical, ID: PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: `https://ttraff.cc/aws?keyword=css+code+annex+13+pdf` (in PDF document text)