Malicious PDF — malware analysis report

Static analysis result for SHA-256 37688101d3875df6…

MALICIOUS

PDF

Size: 66.8 KB
Created: 2021-03-22 13:54:15 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: bfe378fb617db2e53fc2abff31903e91
SHA-1: 36d37f024c7efd2a0fd16357cc792075cf27fba4
SHA-256: 37688101d3875df6b313a3f02cb5f4b39edc031cdc7dbcd80c8208b41b94c97b
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged by ML classifiers and ClamAV as malicious. It contains an embedded URI pointing to a suspicious domain, which is likely used to deliver a second-stage payload. The document body, though heavily obfuscated, suggests a lure related to 'anatomy of animals book pdf'. No scripts were extracted, but the presence of external links indicates a download or redirection attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7003

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000eb9f.bin
SHA-256: ef147216caada170d78e578e774fb14d6945b8941f24b71ac00909c4c3aebcdd
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xEB9F
Size: 5388 bytes