Malicious PDF — malware analysis report

Static analysis result for SHA-256 33a3c96187251aff…

MALICIOUS

PDF

46.2 KB Created: 2021-08-17 16:52:35 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-09-22
MD5: 22e4ce9dc7607ce92311201bdcd2334a SHA-1: e521b1f180b3e52fce0c200fdb2dc057989b3dcd SHA-256: 33a3c96187251aff8873145c0a50c541866a395c668aad148a663aa2d11ca1ab
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a 'Pdf.Phishing.Trojan' signature. It contains an embedded URI pointing to a URL that, while flagged as benign by the URL reputation service, is suspicious given the malware detection. The PDF structure and the presence of an external URI suggest an attempt to redirect the user to a malicious site, likely for phishing or to download further malware.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3855

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/BvfzZFkJO3s/uplcv?utm_term=akelarre+mario+mendoza+pdf+descargar+gratis PDF link annotation