PDF malware analysis — malicious · 1413e21ba1718345

MALICIOUS

PDF

47.6 KB Created: 2021-08-02 06:42:04 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-11-02

MD5: 6f930c46823947ea86494776f10a6ea0 SHA-1: 58db10961ebe85aec36113b2656283db0eba2044 SHA-256: 1413e21ba1718345d46f10e7b931226078bd23bed01acde317343fc1277f9314

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a specific signature indicating phishing and trojan behavior. It contains an embedded URI pointing to a URL that, while flagged as benign by the URL scanner, is associated with the malicious PDF. The PDF structure itself suggests it's generated by wkhtmltopdf, which can be used to create malicious documents. No scripts were extracted from this sample.

Machine Learning

Nyx PDF Classifier suspicious score 0.3862

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/GLLx1DTH0VQ/uplcv?utm_term=how+to+install+schlage+keypad+lock PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.