PDF malware analysis — malicious · 1b6b6ecdafb6b570

MALICIOUS

PDF

44.3 KB Created: 2021-09-11 03:22:58 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-14

MD5: fd3c7313ae31d8f5efabdfb2b6eaf4eb SHA-1: 9ad4c609907809f6e9f666af0a7db48b87981cbe SHA-256: 1b6b6ecdafb6b570f0bc80865193d8553793996541ee628c14c1ed0df6c61ec3

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a critical heuristic firing for PDF phishing. It contains an embedded URI that points to a URL which, despite being labeled as confirmed benign, is associated with the malicious detection. The PDF structure and the presence of an external URI suggest an attempt to redirect the user to a potentially harmful site, likely for phishing or further malware delivery.

Machine Learning

Nyx PDF Classifier suspicious score 0.3624

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/FevRqgeaUVY/uplcv?utm_term=how+to+delete+downloads+on+android PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.