PDF malware analysis — malicious · 1e25592b92a89ff9

MALICIOUS

PDF

37.3 KB Created: 2021-02-11 17:55:56 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-07-07

MD5: 34d3e7d94a2d6a598bb2308d0c22bbf2 SHA-1: d41de6526338a5e7b01ee01a2f5c179ceb6ba825 SHA-256: 1e25592b92a89ff986e07a67207e1aa37eaf290c7a305b46d1312d2fcaec9625

152 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file contains a link to a known malicious redirector, which is designed to lead users to potentially harmful websites. The embedded text suggests a lure related to game maps, likely to entice clicks. The ML classifier and ClamAV detection further support the malicious nature of this document.

Machine Learning

Nyx PDF Classifier malicious score 0.5656

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://crophysi.ru/wb?keyword=beamng%20drive%20maps%20free In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.