PDF malware analysis — malicious · 1caa5e2d0f95af35

MALICIOUS

PDF

333.6 KB Created: 2021-06-30 06:09:53 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-09-15

MD5: 2ccf77bedea7905ca13113568483bca2 SHA-1: 5e6630482b0a0e672586aa4892cbab78945b642e SHA-256: 1caa5e2d0f95af354fc99d8fa822146b8432b6b020d9738d6c81c948edcc442d

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file was identified by ClamAV as Pdf.Phishing.Trojan, strongly suggesting its use in phishing campaigns. The presence of an external URI, although marked as benign, is consistent with the redirection or landing page typically used in such attacks. The document body is heavily obfuscated and does not provide further actionable content.

Machine Learning

Nyx PDF Classifier clean score 0.1167

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/skout/mBVl/~3/BkSY9tpko7c/uplcv?utm_term=courtship+letter+a+to+z PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.