Malicious PDF — malware analysis report

Static analysis result for SHA-256 3381bcfbcaaaaaca…

MALICIOUS

PDF

Size: 61.3 KB
Created: 2021-03-22 20:09:25 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 047b157f1211c42f42e801487a039a79
SHA-1: e3cdd86a50ccd5ba70de96897d1f0def3452877d
SHA-256: 3381bcfbcaaaaaca01bb6533220decd966bba27ca2c2e0453b9eff1cb8c6f489
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a signature indicating phishing and trojan behavior. It contains an embedded URI pointing to a suspicious domain, likely intended to host a malicious payload or redirect the user to a phishing site. The document body, though heavily obfuscated, suggests a lure related to a cello PDF, aligning with the embedded URI's keyword.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.4988

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://gimoguvi.ru/award?keyword=amazing+grace+cello+pdf