Verdict: MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
ClamAV identifies the file as malicious with a signature that names it a PDF phishing trojan. The PDF carries an external URI action pointing to nipisod.ru, which is likely a malicious domain used for phishing or for staging further payloads. The PDF structure and the embedded URI indicate an attempt to lure the reader into visiting a harmful site.
Machine Learning
- Nyx PDF Classifier suspicious score 0.4537
Heuristics (3)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Note that www.ascendercorp.com, www.daltonmaag.com and scripts.sil.org/OFL in the list below are type-foundry and SIL Open Font License URLs and most likely originate in the copyright/license strings of the embedded fonts (three sfnt font programs are carved below), not in a link action. Extracted URLs:
- https://nipisod.ru/award?keyword=atlas+de+hematologia+clinica+clinical+hematology+atlas+pdf
- http://lnstagramsecurity.net/aprender_ingles_onlinelfhoq.pdf
- http://linukevaduze.iblogger.org/how_to_thread_a_kenmore_sewing_machine_model_148.pdf
- http://dmgameplan.com/sugamajewojovogitoxiv248v.pdf
- http://kmikaerfs.ru/wajitekufalc631c.pdf
- http://indir-kazan.com/beats_studio3_wireless_over_ear_headphones_-_whiteaeqb1.pdf
- http://moviesaddaa.online/alfa_romeo_159_parts_manualv26kd.pdf
- http://familyit.pro/wigodobalikupewolimaginhh.pdf
- http://kiviramezu.22web.org/dodge_durango_towing_capacity.pdf
- http://ipatovaalena.ru/gubizesoki5y8jy.pdf
- http://mixed-rootwork.com/super_speed_vpn_apkpuresqtxo.pdf
- http://komarovskii.xyz/juwozomudabamivinajubuzalmknr.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://www.daltonmaag.com/
- https://cf336f9a-6a79-4542-9269-5b62d6eb69dd.filesusr.com/ugd/1daf83_fb5d27aaf5ba4fe28730997dd9ef72b9.pdf?index=true
- https://ba428ff1-d53d-4eb5-bdb2-cc960067f420.filesusr.com/ugd/7041e4_2d7677b2874d47b190fe9f3cfbdb4740.pdf?index=true
- http://zegukufi.epizy.com/six_sigma_yellow_belt_syllabus.pdf
- http://jinisobijeg.rf.gd/balanceamento_quimico_exercicios_resolvidos.pdf
- http://befokube.rf.gd/whens_the_next_coronavirus_review.pdf
- http://waboruvuvu.epizy.com/quantitative_aptitude_practice_papers.pdf
- http://sozejegisiwex.epizy.com/juxagan.pdf
- https://caf0f927-206f-4b4e-aa34-0dd3da53679b.filesusr.com/ugd/83d902_21cc19faa7be44d6a8f15ed8600a735b.pdf?index=true
- http://nimesirasono.rf.gd/tea_party_invites_templates_free.pdf
- https://0f8fedcd-12c0-4678-86f8-e2bff7269121.filesusr.com/ugd/70e7d4_811fbef1ab78462f88b968b6d5d35b16.pdf?index=true
- http://famifel.rf.gd/paratawakonibakegewubozel.pdf
- http://dufosulux.epizy.com/whats_the_best_free_calorie_counting_app.pdf
- http://scripts.sil.org/OFL
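The channel tag attached to each URL matters more than the raw list: a /URI action wired to the document's /OpenAction fires as soon as the file is opened, a link annotation needs a click, and a URL string sitting inside a font stream is inert. The following Python is an added example, not code from the analyzer or from this report, showing how such per-channel extraction and ranking can be done with regular expressions over an uncompressed PDF. The sample PDF bytes and the domains lure.example, redirect.example and foundry.example are constructed for the example; real samples with FlateDecode or object streams must be decompressed first (for example with pdf-parser or pikepdf) before this kind of scan is meaningful.

```python
import re
from collections import defaultdict

# Constructed sample PDF (not the report's sample). It exercises three URL channels:
#   obj 1: /Catalog whose /OpenAction references obj 5, a /URI action (fires on open)
#   obj 4: /Link annotation with an inline /URI action (fires on click)
#   obj 8: font program stream whose metadata carries vendor/license URLs (inert)
# All domains are placeholders.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] /Resources << /Font << /F1 6 0 R >> >> >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792] /A << /S /URI /URI (https://lure.example/award?keyword=some+book+pdf) >> >> endobj
5 0 obj << /S /URI /URI (http://redirect.example/file.pdf) >> endobj
6 0 obj << /Type /Font /Subtype /TrueType /BaseFont /ExampleSans /FontDescriptor 7 0 R >> endobj
7 0 obj << /Type /FontDescriptor /FontName /ExampleSans /FontFile2 8 0 R >> endobj
8 0 obj << /Length 80 >>
stream
Copyright Example Foundry http://foundry.example/ OFL http://scripts.sil.org/OFL
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj\b", re.DOTALL)
URI_ACTION_RE = re.compile(rb"/S\s*/URI\b.*?/URI\s*\(([^)]*)\)", re.DOTALL)
URL_RE = re.compile(rb"https?://[^\s()<>\[\]\"']+")


def _objects(pdf: bytes) -> dict:
    """Map object number -> body for every 'N G obj ... endobj' in an uncompressed PDF."""
    return {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(pdf)}


def extract_uris(pdf: bytes) -> dict:
    """Return {url: sorted list of channels} describing how each URL is reached."""
    objs = _objects(pdf)
    open_action_ids, link_action_ids = set(), set()
    for body in objs.values():
        if re.search(rb"/Type\s*/Catalog", body):
            # Objects referenced from /OpenAction run without user interaction.
            open_action_ids.update(int(n) for n in re.findall(rb"/OpenAction\s+(\d+)\s+\d+\s+R", body))
        if re.search(rb"/Subtype\s*/Link", body):
            # Indirect /A actions hanging off link annotations need a click.
            link_action_ids.update(int(n) for n in re.findall(rb"/A\s+(\d+)\s+\d+\s+R", body))

    hits = defaultdict(set)
    for oid, body in objs.items():
        parts = re.split(rb"\bstream\b", body, maxsplit=1)   # \b keeps 'endstream' intact
        dict_part = parts[0]
        stream_part = parts[1] if len(parts) == 2 else b""
        if oid in open_action_ids or (
            re.search(rb"/Type\s*/Catalog", dict_part) and URI_ACTION_RE.search(dict_part)
        ):
            channel = "open_action"
        elif oid in link_action_ids or re.search(rb"/Subtype\s*/Link", dict_part):
            channel = "link_annotation"
        else:
            channel = "dictionary"
        for m in URI_ACTION_RE.finditer(dict_part):
            hits[m.group(1).decode("latin-1")].add(channel)
        for m in URL_RE.finditer(dict_part):
            hits[m.group(0).decode("latin-1")].add(channel)
        for m in URL_RE.finditer(stream_part):
            # URLs inside stream data (font programs, images) are plain strings, not actions.
            hits[m.group(0).decode("latin-1")].add("stream_body")
    return {url: sorted(ch) for url, ch in hits.items()}


def triage(uris: dict) -> list:
    """Order URLs by reachability: auto-fire first, click-through next, inert strings last."""
    rank = {"open_action": 0, "link_annotation": 1, "dictionary": 2, "stream_body": 3}
    verdicts = {
        0: "auto-triggered on open: primary lure",
        1: "click-through link: lure",
        2: "dictionary string without an action: review",
        3: "string inside a stream (e.g. font copyright/license metadata): inert",
    }
    rows = sorted((min(rank[c] for c in channels), url, channels) for url, channels in uris.items())
    return [(url, ",".join(channels), verdicts[best]) for best, url, channels in rows]


if __name__ == "__main__":
    for url, channels, verdict in triage(extract_uris(SAMPLE_PDF)):
        print(f"{verdict:<70} {channels:<16} {url}")
```

Run against a real, decompressed sample, the top rows (open-action and link-annotation URLs) are the ones worth submitting to URL reputation and sandboxing; rows tagged only stream_body, such as foundry and license links, can usually be dropped from the indicator list.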
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000d4d1.bin | dc5cdfd319322e3817000eba920455d9f6739a12622215a9d059eaf5b1eccbb1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD4D1 | 5352 bytes |
| font_01_sfnt_off0000e6ee.bin | 339d3e72881da8e1b973553d6c949a8a35940c2129e8ec25deeaa954f6eb52c2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE6EE | 10956 bytes |
| font_02_sfnt_off00010aa5.bin | 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10AA5 | 4324 bytes |