PDF malware analysis — malicious · 1c80ed60e2f1f22c

MALICIOUS

PDF

49.6 KB Created: 2020-12-11 16:15:26 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: a3acba0aca610db5307bf9c0b4e8b22a SHA-1: 29587ca88597c76882ffec002579190404cdaacd SHA-256: 1c80ed60e2f1f22ce467dfdf61506720a86f916ad0a34c3d5e0dec4c69e2126b

114 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

This PDF is identified as malicious by ClamAV and an ML classifier, and exhibits characteristics of a phishing lure. It contains a single image and minimal text, suggesting a visual deception to encourage user interaction. The embedded URL likely serves as the next stage of the attack, potentially leading to credential harvesting or further malware delivery.

Machine Learning

Nyx PDF Classifier malicious score 0.6121

Heuristics 4

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 49 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://trafficel.ru/aws?utm_term=sensory+neurons+carry+information+to+the+brain

Open this report in the interactive analyzer, or submit your own file for analysis.