Malicious PDF — malware analysis report

Static analysis result for SHA-256 15da60e712b35a57…

Verdict: MALICIOUS

File type: PDF

Size: 58.6 KB
Created: 2021-01-04 10:45:27 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 1b7b8cd3599404ef4b85cbb3cd6b98f8
SHA-1: 76f46a150ada32c1eba25023f146090ad97485ac
SHA-256: 15da60e712b35a57e710c0aa97795f1551221f3d6f164fe9570d85249f1bad6e
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains an embedded URI pointing to a suspicious domain, which is a strong indicator of a phishing or malware distribution attempt. ClamAV detection and ML classification further support its malicious nature. The document body, though heavily obfuscated, contains strings related to software and device names, likely part of a lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9430

Heuristics (3)

  • ClamAV detection (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://trafffe.ru/aws?utm_term=uc+browser+java+nokia+asha+210