Malicious PDF — malware analysis report

Static analysis result for SHA-256 339c71de296e3858…

Verdict: MALICIOUS
File type: PDF
Size: 53.7 KB
Created: 2021-02-24 09:50:34 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-14
MD5: ac1040cad374bedf7218497e69651629
SHA-1: dc713ce7fff6f0606d17f00f5d01fd2a3b16bc0a
SHA-256: 339c71de296e38585f4d516924b18b7a5f7c48d16f9e29177cdce27ea03ad685
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1059.007 Command and Scripting Interpreter: JavaScript

The PDF carries a link annotation whose /URI action points to https://leonvi.ru/strik?utm_term=google+chrome+flash+player+after+december+2020. The utm_term parameter gives away the lure: a fake "Flash Player for Google Chrome" update pitched around Adobe's end of life for Flash Player in December 2020, when users were being told to update or remove it. Such fake-update pages are a common way to get a victim to download a payload or enter credentials. The remaining URLs are plain strings in the document text rather than actions: the file was produced by wkhtmltopdf from an HTML page, and the cdn.sqhk.co, f-static.net, s123-cdn-static.com and s3.amazonaws.com links point at other randomly named PDFs on third-party hosting. The two ascendercorp.com URLs and http://scripts.sil.org/OFL are font vendor and licence entries of the kind carried in a font's name table, consistent with the embedded sfnt font listed under Extracted artifacts, and are not part of the lure. The ClamAV signature (Pdf.Phishing.Trojan) and the ML classifier agree on the verdict: a phishing PDF. Note that no JavaScript heuristic fired, so the T1059.007 mapping is not corroborated by the listed heuristics; the PDF_URI finding is what supports T1566.001.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8182

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://leonvi.ru/strik?utm_term=google+chrome+flash+player+after+december+2020 (PDF link annotation)
    • https://cdn.sqhk.co/vaxarogajib/gqxlECk/should_you_answer_potential_spam_calls.pdf (In PDF document text)
    • https://cdn.sqhk.co/gaxozamikoge/FUlgcz3/56277848926.pdf (In PDF document text)
    • https://cdn.sqhk.co/lupobikud/jhjG2hh/59120994467.pdf (In PDF document text)
    • https://cdn.sqhk.co/pevipulakas/8HPgiKr/helicopter_crash_california_firefighter.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4417138/normal_5fdc346d5573c.pdf (In PDF document text)
    • https://cdn.sqhk.co/wobuwaseja/0geiiJ6/mukukesujojagufaf.pdf (In PDF document text)
    • https://cdn.sqhk.co/jofijoju/jgdiejb/best_digital_marketing_books_for_beginners_2020.pdf (In PDF document text)
    • https://cdn.sqhk.co/jeforije/M2haXhj/identity_vs_role_confusion_movie_examples.pdf (In PDF document text)
    • https://static.s123-cdn-static.com/uploads/4473622/normal_5ff3d3667ab92.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4477155/normal_601da3542b263.pdf (In PDF document text)
    • https://cdn.sqhk.co/fugolamudara/bGgiMat/21346673266.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4499635/normal_5fe6d50f49eba.pdf (In PDF document text)
    • https://cdn.sqhk.co/sijiposago/gBgdghk/14581523858.pdf (In PDF document text)
    • https://cdn.sqhk.co/paweboke/7hcieji/best_buy_ninja_air_fryer_xl.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4370265/normal_6015d2b06e45e.pdf (In PDF document text)
    • http://www.ascendercorp.com/ (In PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (In PDF document text)
    • https://s3.amazonaws.com/rikolesafuwofar/jexalitoranimobifu.pdf (In PDF document text)
    • https://s3.amazonaws.com/dipafuxe/77427703876.pdf (In PDF document text)
    • http://scripts.sil.org/OFL (In PDF document text)
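The PDF_URI and EMBEDDED_URL heuristics above split URLs by the channel that reaches them, and the font licence URLs show why that split matters. The Python below is an added example, not code from the report or its analysis pipeline: it reproduces the split on a PDF constructed inline. It pulls /URI actions from link annotations (searching decoded streams as well as the raw file, since annotation dictionaries can sit inside PDF 1.5 object streams), inflates FlateDecode streams before looking for URL text, and gives URLs found in a font program stream (a stream dictionary carrying /Length1, as FontFile and FontFile2 streams do) their own label. The lure URL is the one listed above; the other two URLs in the sample and the sample PDF itself are constructed for the example.

```python
"""Classify the URLs in a PDF by the channel that reaches them.

Added example for this report; it is not code from the analysis pipeline.
Channels mirror the report's per-URL labels, plus one for font programs:
  "PDF link annotation"   a /Link annotation with an /S /URI action
  "In PDF document text"  a URL string inside a (decoded) content stream
  "embedded font program" a URL inside a FontFile/FontFile2 stream (/Length1)
"""
import re
import zlib

# The lure URL is the one the report lists; the other two are constructed stand-ins.
LURE = "https://leonvi.ru/strik?utm_term=google+chrome+flash+player+after+december+2020"
BODY_URL = "https://cdn.sqhk.co/example/constructed.pdf"
FONT_URL = "http://scripts.sil.org/OFL"  # the OFL licence URL that fonts carry in their name table

# "N 0 obj << dict >> stream ... endstream": the dictionary must not run past an endobj.
_STREAM_OBJ = re.compile(rb"obj\s*(<<(?:(?!endobj).)*?>>)\s*stream\r?\n(.*?)endstream", re.S)
_URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)   # /URI (literal string)
_URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")                # /URI <hex string>
_URL = re.compile(rb"https?://[^\s()<>\[\]\"']+")


def build_sample_pdf() -> bytes:
    """Constructed one-page PDF: a Flate-compressed content stream that draws BODY_URL
    as text, a fake sfnt font stream containing FONT_URL, and a /Link annotation
    whose /URI action is LURE."""
    content = zlib.compress(f"BT /F1 12 Tf 72 720 Td ({BODY_URL}) Tj ET".encode())
    font = f"\x00\x01\x00\x00 fake sfnt name table: {FONT_URL}".encode("latin-1")
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 700 300 730] /A << /S /URI /URI ("
        + LURE.encode() + b") >> >>",
        b"<< /Length %d /Length1 %d >>\nstream\n" % (len(font), len(font)) + font + b"\nendstream",
    ]
    body = b"".join(b"%d 0 obj\n%s\nendobj\n" % (i + 1, o) for i, o in enumerate(objs))
    return b"%PDF-1.4\n" + body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def _unescape(raw: bytes) -> bytes:
    """Undo the PDF literal-string escapes that can occur inside a URL: \\( \\) \\\\."""
    return re.sub(rb"\\([()\\])", rb"\1", raw)


def _inflate(body: bytes) -> bytes:
    """Decode a Flate stream; anything else (no filter, or one not handled here) is returned raw."""
    try:
        d = zlib.decompressobj()
        out = d.decompress(body)        # trailing newline before 'endstream' ends up in unused_data
        return out if d.eof else body
    except zlib.error:
        return body


def streams(pdf: bytes):
    """Yield (stream dictionary, decoded stream body) for every stream object."""
    for m in _STREAM_OBJ.finditer(pdf):
        yield m.group(1), _inflate(m.group(2))


def uri_actions(pdf: bytes) -> list[str]:
    """URLs reached through a /URI action, looked up in the raw file and in every decoded
    stream, so annotations hidden in compressed object streams are not missed."""
    found: list[bytes] = []
    for hay in [pdf] + [body for _, body in streams(pdf)]:
        found += [_unescape(m.group(1)) for m in _URI_LITERAL.finditer(hay)]
        found += [bytes.fromhex(re.sub(rb"\s", b"", m.group(1)).decode()) for m in _URI_HEX.finditer(hay)]
    return list(dict.fromkeys(u.decode("latin-1") for u in found))


def classify_urls(pdf: bytes) -> dict[str, str]:
    """Map each URL to the channel that reaches it; an action label wins over a text hit."""
    channels: dict[str, str] = {u: "PDF link annotation" for u in uri_actions(pdf)}
    for dictionary, body in streams(pdf):
        label = "embedded font program" if b"/Length1" in dictionary else "In PDF document text"
        for m in _URL.finditer(body):
            channels.setdefault(m.group(0).decode("latin-1"), label)
    return channels


def triage(pdf: bytes) -> dict:
    """Summary in the shape of the report's heuristics: does PDF_URI fire, and which URL came from where."""
    channels = classify_urls(pdf)
    return {"pdf_uri": any(c == "PDF link annotation" for c in channels.values()), "urls": channels}


if __name__ == "__main__":
    for url, channel in classify_urls(build_sample_pdf()).items():
        print(f"{channel:24} {url}")
```

Run it to print one line per URL with its channel; the lure comes back as the only "PDF link annotation" hit while the font licence URL is separated from page text. What this deliberately leaves out is as important as what it does: it decodes only Flate streams, ignores encryption, and does not look at /Launch, /GoToR, /SubmitForm or JavaScript actions, which are the other ways a PDF reaches out. Treat it as a way to understand the labels in the report, and run a full parser (pdfid/pdf-parser-style tooling or a library) over the real sample before trusting a URL inventory.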

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename                       Kind              Source                                      Size
font_00_sfnt_off0000bfa9.bin   pdf-font-stream   PDF embedded font (sfnt) at offset 0xBFA9   6116 bytes
SHA-256: 3789bf8df51907847ee7ecbc02d22a0cd286fb314a7b7df1a8978072869fd45f