Malicious PDF — malware analysis report

Static analysis result for SHA-256 34233b9f93c63e26…

Verdict: MALICIOUS
File type: PDF
Size: 53.6 KB
Created: 2020-11-25 05:07:40 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: ee2d2edbeac67bb5b9570db01d5a3abe
SHA-1: ed0f74f2cd31c3b847266610f13a5edd75c07de3
SHA-256: 34233b9f93c63e26ca50ca7a484ca7671665907d524098e97ea539049c414c63
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was detected as malicious by ClamAV and an ML classifier. It contains an embedded URI pointing to a suspicious domain, likely intended for phishing or malware distribution. The document body, though heavily obfuscated, contains text related to 'Florence county prison', suggesting a lure to trick users into visiting the malicious URL.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9607

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • https://trafficel.ru/strik?utm_term=florence+county+prison
    • https://cdn-cms.f-static.net/uploads/4454677/normal_5fb9528ba9c71.pdf
    • https://s3.amazonaws.com/fexuror/22908204706.pdf
    • https://s3.amazonaws.com/sabegokek/omegle_chat_app_apk.pdf
    • https://s3.amazonaws.com/tesotiwapax/axiom_of_dependent_choice.pdf
    • https://s3.amazonaws.com/fofeguj/32825202937.pdf
    • https://s3.amazonaws.com/kewakuko/how_to_highlight_on_ipad_pro.pdf
    • https://uploads.strikinglycdn.com/files/0fbf42c5-b22f-4ed2-b9fc-f3f80958a11c/86032494176.pdf
    • https://s3.amazonaws.com/lixuduwonifa/audio_books_with_free_download.pdf
    • https://uploads.strikinglycdn.com/files/95ecb446-ca4a-4da6-b3c6-ab0c1cc2760a/watch_band_pins_chart.pdf
    • https://uploads.strikinglycdn.com/files/2cf77575-d059-4395-8a8f-75881ab1008c/17610688589.pdf
    • https://uploads.strikinglycdn.com/files/6f0d44af-a2d3-41f9-ad73-3f34906a266d/ifrogz_earbuds_manual.pdf
    • https://uploads.strikinglycdn.com/files/90821ca4-051d-4f06-8ae6-cbb0effb3c49/apqp_document.pdf
    • https://uploads.strikinglycdn.com/files/8af4b182-84cd-4445-a228-3d0d3f91eee2/kefujanijogaberetafika.pdf
    • https://uploads.strikinglycdn.com/files/f32b8001-9484-4817-8544-00464c82bd26/11564508740.pdf
    • https://s3.amazonaws.com/safago/tujoralekini.pdf