Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK: T1566.001 Spearphishing Attachment
The PDF file was detected as malicious by ML classifiers and ClamAV, specifically identified as a phishing trojan. It contains an embedded URI pointing to the suspicious domain 'jumiwimov.ru', which is likely used to deliver a secondary payload or conduct phishing activities. The document body, though heavily obfuscated, appears to reference product details, suggesting a lure to entice users to click the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.6058
Heuristics (3)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://jumiwimov.ru/aws?utm_term=alesis+dm10+mkii+pro+bundle+electronic+drum+set (PDF link annotation)