PDF malware analysis — malicious · 0e774b3adc0eebe9

MALICIOUS

PDF

42.2 KB Created: 2021-08-02 15:56:10 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-07

MD5: ad9895c9f208b4c85585ba1c4c310650 SHA-1: 9368b8edebbeee80617260f3f645f34562754e4f SHA-256: 0e774b3adc0eebe9231a7d08ff2b5bf3c010688556d46fc42e616f84812a06d4

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is a PDF document identified by ClamAV as a phishing trojan. It contains an embedded URI pointing to a suspicious URL, which is likely intended to host malicious content or redirect the user to a phishing site. The PDF structure and embedded URI suggest an attempt to trick users into clicking the link, potentially for credential harvesting or malware delivery.

Machine Learning

Nyx PDF Classifier suspicious score 0.3563

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://cructi.ru/uplcv?utm_term=intlo+deyyam+nakem+bhayam+telugu+movies+full+movies PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.