Malicious PDF — malware analysis report

Static analysis result for SHA-256 36ed59f8a568b556…

MALICIOUS

PDF

Size: 58.6 KB
Created: 2021-11-12 10:22:22 +09:00
Authoring application: Aspose Ltd. (via Aspose.PDF for .NET 20.8)
First seen: 2021-11-23
MD5: 6b19e6234f09eb009fabf8d96b2aad7c
SHA-1: fd81c6ec1d5d76f566377fa97d6e7f9e46639d6b
SHA-256: 36ed59f8a568b55688ba18f4fab060f893a717c488d0ac9a098e940a482f8203
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a specific signature indicating phishing and trojan characteristics. While no executable scripts were extracted, the PDF structure and embedded URL suggest an attempt to trick the user into navigating to a potentially malicious site. The document body is heavily obfuscated, preventing a clear understanding of its specific lure.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0002

Heuristics (2)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)