PDF malware analysis — malicious · 15620e49f37bcf0f

MALICIOUS

PDF

117.9 KB Created: 2021-07-21 21:13:49 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-05

MD5: 2921b78a639df9e6c6ff9e2b9310c0ea SHA-1: 6295de542bfc7ae393f098de2bc54ab1c073b79c SHA-256: 15620e49f37bcf0f5458f7783b41609cc79f1aa0cafacc817085fbebca0ae0a8

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The ClamAV heuristic 'Pdf.Phishing.Trojan' strongly indicates a phishing or trojanized PDF. The presence of multiple embedded URLs, some pointing to suspicious domains, further supports this. Although no scripts were explicitly extracted, the PDF structure and embedded URIs suggest an attempt to lure users to malicious sites, likely for credential harvesting or malware delivery.

Machine Learning

Nyx PDF Classifier suspicious score 0.3933

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://zeminyerkaplama.com/upload/ckfinder/files/65324247945.pdf In PDF document text
- https://mamproducciones.es/wp-content/plugins/formcraft/file-upload/server/content/files/16084d0cb8dfe4---jitod.pdfIn PDF document text
- http://www.gcsystem.pl/wp-content/plugins/formcraft/file-upload/server/content/files/160794755bea8e---dolodezevamelubibik.pdfIn PDF document text
- https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/ngfLrbzwjls/uplcv?utm_term=harry+potter+and+the+philosopher%27s+sorcerer%27s+stonePDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.