Malicious PDF — malware analysis report

Static analysis result for SHA-256 195bb37cea1e9c39…

MALICIOUS

PDF

Size: 65.1 KB  Created: 2021-02-26 18:37:01 +02:00  Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)  First seen: 2021-10-14
MD5: fe5ebb2929da1b3ca0e742886b3d1c35  SHA-1: 9e8b5763939f92d228b68b7b31053dd041c37a7e  SHA-256: 195bb37cea1e9c3953c7234a8fdbd560fbbcc8a28da7decb954a2b867511a2f9
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF carries a link annotation whose URI action leads to https://leonvi.ru/award?keyword=how+to+light+a+coleman+evcon+furnace, a keyword-stuffed URL consistent with an SEO-poisoning or phishing lure; the document text additionally lists thirteen further .pdf URLs on unrelated domains, one of which (lnstagramverifiedbadge-media.com) is an Instagram look-alike spelled with a lowercase L in place of the i. A ClamAV signature and the PDF classifier (score 0.7290) both flag the file. No JavaScript or other active content was extracted, so the file relies on the user following a link rather than on a parser exploit; the verdict rests on the external URI action, the embedded URL list and the two detections. When triaging, fetch the leonvi.ru destination only from an isolated analysis host, since the page it leads to may itself be the lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7290

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware under the signature name above.
  • External URI (info, PDF_URI)
    PDF contains an external URL action (a /URI action on a link annotation).
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://leonvi.ru/award?keyword=how+to+light+a+coleman+evcon+furnace (PDF link annotation)
    • https://static.s123-cdn-static.com/uploads/4418781/normal_60032be3c65ee.pdf (in PDF document text)
    • http://playmarket-online.com/perspectives_intermediatetc9yu.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4422637/normal_5fe4f6bd5e27f.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4470228/normal_5ff59d561407e.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4371269/normal_5ff75a6609f91.pdf (in PDF document text)
    • http://cuzinfo.ru/dark_souls_wallpaper_4k_iphonek6yyy.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4418381/normal_6024cf072071d.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4425784/normal_5ff709fe2f629.pdf (in PDF document text)
    • http://idealica-italy.site/60349888127pku5t.pdf (in PDF document text)
    • http://lnstagramverifiedbadge-media.com/legesimipipamafivcdda.pdf (in PDF document text)
    • http://raisinslabs.club/781288232711gkg5.pdf (in PDF document text)
    • http://anarchymedya.com/jutevefekebkezmj.pdf (in PDF document text)
    • http://mosebuzixat.mywebcommunity.org/mtd_46_inch_mower_deck_parts.pdf (in PDF document text)
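The two URL heuristics above (PDF_URI for /URI actions on link annotations, EMBEDDED_URL for URLs found in the document text) can be reproduced with a small scanner over the raw PDF bytes. The following is an added example written for this report and is not the analysis platform's own code; it constructs its own sample PDF in memory with placeholder domains (lure.example, files.example, cdn.example), so it runs offline and none of the URLs from the report above are fetched. It handles uncompressed and FlateDecode content streams and skips anything else rather than guessing.

```python
"""Minimal PDF URL triage: reproduce the PDF_URI and EMBEDDED_URL checks.

Added example, not the analysis platform's code. It scans raw PDF bytes for
/URI actions (link annotations) and for URLs inside content streams (document
text) and labels each URL with the channel that reached it. Only plain and
FlateDecode streams are decoded; other filters, object streams and hex-encoded
strings are out of scope for this example.
"""
import re
import zlib
from typing import Dict, List, Optional, Tuple

# A literal-string URI action: /A << /S /URI /URI (https://...) >>.
# Only the /URI key directly followed by "(" matches, so the /S /URI name
# entry is not picked up.
URI_ACTION_RE = re.compile(rb"/URI\s*\((?P<uri>(?:[^()\\]|\\.)*)\)", re.S)

# Stream objects: dictionary (one level of nesting allowed), then the body.
STREAM_RE = re.compile(
    rb"<<(?P<dict>[^<>]*(?:<<[^<>]*>>[^<>]*)*)>>\s*stream\r?\n(?P<body>.*?)\r?\nendstream",
    re.S,
)

# Permissive URL matcher; parentheses are excluded so a URL that ends a PDF
# literal string "(...) Tj" does not swallow the closing paren.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&*+,;=%-]+")


def _unescape_literal(raw: bytes) -> bytes:
    """Undo the PDF literal-string escapes that matter for URLs."""
    return re.sub(rb"\\([()\\])", rb"\1", raw)


def _decode_stream(stream_dict: bytes, body: bytes) -> Optional[bytes]:
    """Return the stream body, inflating FlateDecode; None if unsupported."""
    if b"/Filter" not in stream_dict:
        return body
    if b"/FlateDecode" in stream_dict:
        d = zlib.decompressobj()
        try:
            return d.decompress(body) + d.flush()
        except zlib.error:
            return None  # corrupted or truncated stream: skip, do not guess
    return None  # DCTDecode, LZWDecode, ...: not handled here


def _clean(url: bytes) -> str:
    """Strip trailing sentence punctuation that the text matcher picks up."""
    return url.rstrip(b".,;").decode("ascii", "replace")


def scan_pdf(data: bytes) -> List[Tuple[str, str]]:
    """Return (url, channel) pairs; the first channel to reach a URL wins."""
    found: Dict[str, str] = {}

    # Channel 1: link annotations carrying a /URI action (PDF_URI).
    for m in URI_ACTION_RE.finditer(data):
        uri = _unescape_literal(m.group("uri")).decode("latin-1")
        if uri:
            found.setdefault(uri, "PDF link annotation")

    # Channel 2: URLs in the document text of content streams (EMBEDDED_URL).
    for m in STREAM_RE.finditer(data):
        text = _decode_stream(m.group("dict"), m.group("body"))
        if text is None:
            continue
        for u in URL_RE.findall(text):
            found.setdefault(_clean(u), "In PDF document text")

    return list(found.items())


def triage(data: bytes) -> dict:
    """Summarise which of the two heuristics fire, as the report does."""
    urls = scan_pdf(data)
    return {
        "PDF_URI": any(ch == "PDF link annotation" for _, ch in urls),
        "EMBEDDED_URL": bool(urls),
        "urls": urls,
    }


def build_sample_pdf() -> bytes:
    """Constructed sample (not the analysed file): one link annotation plus a
    plain and a FlateDecode content stream, each naming a placeholder URL."""
    plain = b"BT /F1 12 Tf (See http://files.example/a.pdf for details) Tj ET"
    flate = zlib.compress(b"BT /F1 12 Tf (Mirror: https://cdn.example/b.pdf.) Tj ET")
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents [5 0 R 6 0 R] >> endobj\n",
        b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
        b"/A << /S /URI /URI (https://lure.example/award?keyword=how+to+light+a+furnace) >> >> endobj\n",
        b"5 0 obj << /Length %d >>\nstream\n" % len(plain), plain, b"\nendstream\nendobj\n",
        b"6 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(flate), flate,
        b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    for url, channel in scan_pdf(build_sample_pdf()):
        print(f"{channel:24s} {url}")
```

On the constructed sample this reports the annotation URL as "PDF link annotation" and the two stream URLs as "In PDF document text", with the trailing full stop in the compressed stream removed. On a real sample such as the one above, the same two channels are what the report's labels distinguish; a URL reached only through document text is a lower-confidence signal than one wired to a clickable /URI action, which is why the report marks both heuristics as informational and leaves the verdict to the signature and classifier.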