Malicious PDF — malware analysis report

Static analysis result for SHA-256 2a757a1e789e833d…

MALICIOUS

PDF

70.7 KB Created: 2021-09-21 01:51:26 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
MD5: 70c6682d3ddfd24e5f66f68ef214581a SHA-1: efa9d172dc506f056f5dac67dffad3c8f29b3147 SHA-256: 2a757a1e789e833d608f2ed939821ac790aceef22a6457cfac74f1f3a8ba0a19
84 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file is identified as a phishing lure due to its image-only nature and embedded clickable link, a common tactic for distributing malware or conducting phishing attacks. The ClamAV detection further supports its malicious classification. Although no scripts were explicitly extracted, the PDF structure and embedded URI suggest an attempt to redirect the user to a malicious site, likely for further exploitation.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.4680

Heuristics 4

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 70 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://condosworld.com/abisol1/userfiles/files/98455830718.pdf
    • https://snowcat.pl/admin/ckfinder/userfiles/files/limegiderunozetutixog.pdf
    • http://www.hj-bouwt.be/wp-content/plugins/formcraft/file-upload/server/content/files/161345bf00bef7---24544723522.pdf
    • http://xn--80aaffebba2apgigwiiececnggk9e4k.xn--p1ai/pict/file/23398418770.pdf
    • http://silver1979.com/upload/file/lobigedow.pdf
    • http://geology.ie/wp-content/plugins/formcraft/file-upload/server/content/files/16140ca585b040---xepanoderenedarefi.pdf
    • https://jpjplumbingandheating.com/FCKeditor/file/42955259939.pdf
    • https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/3vuEKuznOb8/uplcv?utm_term=windows+10+update+to+11

Open this report in the interactive analyzer, or submit your own file for analysis.