Malicious PDF — malware analysis report

Static analysis result for SHA-256 061b58d857dac3a2…

MALICIOUS

PDF

Size: 57.2 KB
Created: 2021-02-26 14:32:28 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-18
MD5: 3675fdf6a7e4ef55cf9fb61bb41f4814
SHA-1: a180208c2ec7fed3a305166b6450755af4629b38
SHA-256: 061b58d857dac3a261d409c0e3b3cb138ec3f20319996ccacbb164c6bf949357
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URL, which is a common tactic for phishing or malware distribution. The ML classifier and ClamAV detection strongly indicate maliciousness. The embedded URL likely leads to a malicious site designed to exploit the user or deliver a payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9507

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://druttle.ru/award?keyword=introductory+mathematical+analysis+for+business+economics+13th+edition+pdf (PDF link annotation)