PDF malware analysis — malicious · 07c2dd7de5887936

MALICIOUS

PDF

127.6 KB Created: 2021-07-26 14:50:58 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-04

MD5: dcc6fb0ab0369e7ee2ec4f5d0a3ed0ff SHA-1: 1a633d352a102a1dda45349876763aa3c4ff708d SHA-256: 07c2dd7de588793601b80c99dd7bff0aa19a65485af1d4ce94fadf46b050367b

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a 'Pdf.Phishing.Trojan' signature. It contains an embedded URL that points to a potentially malicious domain, suggesting a phishing or malware distribution attempt. No scripts were extracted, but the presence of a malicious URL and the ClamAV signature strongly indicate a phishing attack pattern.

Machine Learning

Nyx PDF Classifier clean score 0.1317

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://lawpropertyconsultants.co.uk/wp-content/plugins/super-forms/uploads/php/files/m471r7ea1tiedjr3lvbdeuc2cr/45031743015.pdf In PDF document text
- https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/zMnd8XtcwSM/uplcv?utm_term=libros+harry+potter+coleccion+espa%C3%B1olPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.