Malicious PDF — malware analysis report

Static analysis result for SHA-256 37e1057ddf834d70…

MALICIOUS

PDF

38.6 KB Created: 2021-09-06 04:16:26 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-12
MD5: 9f2cb2ac37c81533b90c255f5fc21cfa SHA-1: 68015efccc6d7a51f4c137a236d3395634a7cd9b SHA-256: 37e1057ddf834d7003eedf7ac696266be7d773404105502ec28d09f3ca84a821
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as a PDF and triggers a ClamAV signature indicating it is a phishing or trojan variant. While the embedded URL was flagged as benign, the critical ClamAV detection strongly suggests malicious intent, likely related to phishing or malware delivery. No scripts were extracted, limiting further analysis of the payload.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3262

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://feedproxy.google.com/~r/Uplcv/~3/PmAiG5ZyT-k/uplcv?utm_term=autobiography+of+a+yogi+english+pdf PDF link annotation