Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ae049270989d74c…

MALICIOUS

PDF

Size: 79.1 KB
Created: 2021-03-22 20:15:18 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: a8888264006fd8ccb199c8e737ca0960
SHA-1: b9388fadb5f3de609b2c7920170ea1f8f1c30e59
SHA-256: 0ae049270989d74c9edc014efa73e080b1e6c7fd0e52bec14621299765d89f5d
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was detected as malicious by ML classifiers and ClamAV, specifically flagged as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, likely intended to host or redirect to a malicious payload disguised as a magazine download. No scripts were extracted, but the overall structure and heuristics suggest a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7551

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://vilenefex.ru/award?keyword=bsc+magazine+august+2020+pdf+free+download

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00011571.bin
SHA-256: 643cc758513f2395c47372c83701470ac33e64ab69a2cc5c7c5ba0ea41d0b89b
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x11571
Size: 5940 bytes