Malicious PDF — malware analysis report

Static analysis result for SHA-256 296e4fc6ae726b34…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2021-09-06 15:16:44 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-10-01
MD5: 16232cc1f9005c2ad987216dc94a39ae
SHA-1: 9da9a7db4f43dfc80b10b3c06f695d2f4cd1ba5e
SHA-256: 296e4fc6ae726b349760bea2168a30582b7bc39417b1ec8687c3d28583c7d0e6
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF that contains an external URI pointing to a URL that appears to be a search result for a PDF. This suggests a phishing or social engineering attempt to trick the user into visiting a malicious site. The ClamAV detection as 'Pdf.Phishing.Trojan' further supports this assessment. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3537

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://garglob.ru/uplcv?utm_term=tales+from+the+yawning+portal+white+plume+mountain+pdf [PDF link annotation]
    • http://schubert-hh.de/image/file/wifarizelobokijij.pdf [in PDF document text]
    • http://discoveryenglish.org/wp-content/plugins/formcraft/file-upload/server/content/files/16074c19b3edd9---zogaze.pdf [in PDF document text]
    • http://ckpak.com/fckeditor/userfiles/file/86318006127.pdf [in PDF document text]
    • https://mintedimages.com/ckfinder/userfiles/files/migesatirusezodebakemumus.pdf [in PDF document text]
    • https://stijsr.com/userfiles/file/radobezilufikexenaku.pdf [in PDF document text]