PDF malware analysis — malicious · 1a5c192e06873358

MALICIOUS

PDF

54.6 KB Created: 2021-09-23 20:19:15 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)

MD5: 99e16e5d39f3c15782cc39e5b94f72e6 SHA-1: bc32c6eebfbaa2df43d22f2d70aeef55b41f9c77 SHA-256: 1a5c192e06873358faf2e3a04d55e48908e090b11501559f1159940753ad8a1d

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a signature indicating it is a phishing trojan. The PDF contains embedded URLs, one of which is a confirmed benign Google feed, but others point to suspicious PDF files hosted on various domains. The document body is heavily obfuscated, preventing a clear understanding of its direct content, but the presence of these links suggests a phishing or credential harvesting attempt.

Machine Learning

Nyx PDF Classifier suspicious score 0.4500

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://i-akparat.kz/ckfinder/userfiles/files/46932584533.pdf
- https://abisspaandboutique.com/nbloom/fckuploads/file/90474205642.pdf
- http://tcihk.com/userfiles/lenim.pdf
- http://swancentive.com/cote_dor_import/admin/ckfinder/userfiles/files/zonaduworakomewuteli.pdf
- https://paperland.bg/uploads/file/xirulepipavago.pdf
- http://wskinbody.com/data/boardData/files/81993019423.pdf
- https://feedproxy.google.com/~r/Uplcv/~3/3vuEKuznOb8/uplcv?utm_term=android+missing+app+icon

Open this report in the interactive analyzer, or submit your own file for analysis.