Malicious PDF — malware analysis report

Static analysis result for SHA-256 1caa5e2d0f95af35…

MALICIOUS

PDF

Size: 333.6 KB
Created: 2021-06-30 06:09:53 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-09-15
MD5: 2ccf77bedea7905ca13113568483bca2
SHA-1: 5e6630482b0a0e672586aa4892cbab78945b642e
SHA-256: 1caa5e2d0f95af354fc99d8fa822146b8432b6b020d9738d6c81c948edcc442d
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was identified by ClamAV as Pdf.Phishing.Trojan, strongly suggesting its use in phishing campaigns. The presence of an external URI, although marked as benign, is consistent with the redirection or landing page typically used in such attacks. The document body is heavily obfuscated and does not provide further actionable content.

Machine Learning

  • Nyx PDF Classifier: clean score 0.1167

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://feedproxy.google.com/~r/skout/mBVl/~3/BkSY9tpko7c/uplcv?utm_term=courtship+letter+a+to+z (PDF link annotation)