Malicious PDF — malware analysis report

Static analysis result for SHA-256 153b8d99b7009e59…

Verdict: MALICIOUS
File type: PDF
Size: 56.1 KB
Created: 2021-05-10 04:48:52 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: f67a9fbb1ec49734e34308af3c13380b
SHA-1: 03c436edde53392017468b98cdb66e093ca4f248
SHA-256: 153b8d99b7009e59a28266230b6d062ccc5880721897efd045362d58898d6fca
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV and an ML classifier. It contains embedded URLs, one of which is presented as a lure for 'auto sync contacts gmail android'. Several other URLs point to PDF files hosted on compromised websites, suggesting a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7497

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.