Malicious PDF — malware analysis report

Static analysis result for SHA-256 05bf988efeeaf079…

MALICIOUS

PDF

Size: 62.7 KB
Created: 2021-03-06 18:41:56 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 93b6a2cc2fed8c089a8c60789b431b05
SHA-1: b530d1f14e945e9416645d476527de0fd98792bc
SHA-256: 05bf988efeeaf079a35cd9a54d267ab8be219d9fb2e0de4f3ea6d0f985b8c486
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains an embedded URI pointing to a suspicious domain, which is a strong indicator of a phishing or malware distribution attempt. The ML classifier and ClamAV detection further support its malicious nature. The document body, though heavily obfuscated, suggests a lure related to product information, likely to entice users to click the malicious link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7400

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware (signature: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0)
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://midufefew.ru/award?keyword=sig+p226+rail+light