Malicious PDF — malware analysis report

Static analysis result for SHA-256 20e09c51efa2347e…

MALICIOUS

PDF

76.3 KB Created: 2021-03-28 16:36:57 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 990f90b2a17f8e163312fc36060ab961 SHA-1: 888db9bbdd55b310724aa97bfc1591620a8875a3 SHA-256: 20e09c51efa2347ea3e91f68c2844cfa665d8d96d6d5fcd6416b4ec68fbdb925
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to 'dugedepap.ru', which is a strong indicator of a phishing or malware distribution attempt. While no scripts were explicitly extracted, the PDF structure and embedded URLs suggest it's designed to trick users into navigating to a potentially harmful site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9235

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://dugedepap.ru/award?keyword=bss+telecom+pdf
    • http://dvestideyli.xyz/small_dutch_tool_chest_plansegj1b.pdf
    • https://cdn.sqhk.co/loxepafigav/hfd0F2S/paralyzed_diaphragm_treatment.pdf
    • https://cdn.sqhk.co/jimevexir/gTjihjH/93241581221.pdf
    • http://cetakchantek.com/63239073738rp5gk.pdf
    • https://cdn.sqhk.co/gasupewu/F7ifFmG/english_song_lyrics_for_caption.pdf
    • http://lolkek.xyz/430927525736qo4i.pdf
    • http://car-den.ru/what_is_new_classic_interior_design5ynw9.pdf
    • http://varnisvakq.ru/aiag_vda_fmea_free_downloadbq96b.pdf
    • https://cdn.sqhk.co/kodivitedi/hdEhgGU/30901362687.pdf
    • http://1xbet-football.fun/knights_of_the_old_republic_xbox_one_controls3z3em.pdf
    • http://wipunemobak.mygamesonline.org/42682474241.pdf
    • http://dirtygirl.fun/romantic_whatsapp_status_video_free_download_punjabivhawv.pdf
    • http://belldiscount.ru/dell_u2515h_displayportwb910.pdf
    • https://cdn.sqhk.co/wamiratena/gf8hfWC/93949903340.pdf
    • https://s3.amazonaws.com/gulapore/bushnell_telescope_manual_78-_9960.pdf
    • https://8a5a474a-a671-4857-921d-d1df0ee72544.filesusr.com/ugd/523716_6d020d90292e4b8595e40f9958fb4114.pdf?index=true
    • https://s3.amazonaws.com/jesidofefe/digitech_gnx3_review.pdf
    • http://bupalim.atwebpages.com/zavabakapajexumim.pdf
    • http://vumovofun.onlinewebshop.net/vesizigotireg.pdf
    • https://3bcdeb60-9876-4d14-bc0a-1dd1632c647c.filesusr.com/ugd/16a96a_f39659ebb9dc4b2cb41c5b9125e113d3.pdf?index=true
    • https://6cbe2f5c-748b-4bc6-b691-25a968a47885.filesusr.com/ugd/d6b5da_eade00ceb2f24f9a9af5890326b6dee1.pdf?index=true
    • https://s3.amazonaws.com/fujadabez/84600384906.pdf
    • http://gepafelixadu.onlinewebshop.net/jititogugepebopevakeboso.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.