Malicious PDF — malware analysis report

Static analysis result for SHA-256 3890ec09179579fe…

MALICIOUS

PDF

52.6 KB Created: 2021-09-16 11:59:02 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-12
MD5: f76f58b42c005a60f8f1cef3c5bc522b SHA-1: eea1cbf6cef60b6eb3396ecf645884ab56b927d7 SHA-256: 3890ec09179579fe53aff77901c2700e4ee80c18ef54849291ca0cd5aa9c813f
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains embedded URLs that redirect to other PDF files, suggesting a phishing or credential harvesting campaign. The presence of PDF-specific heuristics further supports its role as a malicious document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5004

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://yujinpharma.com/upload/files/98954981051.pdf In PDF document text
    • https://brincandoeaprendendo.com/fotosempresa/files/57524585057.pdfIn PDF document text
    • http://packturf.fr/files/57305416253.pdfIn PDF document text
    • http://www.davidwoodpersonnel.com/wp-content/plugins/formcraft/file-uplIn PDF document text
    • https://feedproxy.google.com/~r/Uplcv/~3/DOqCt-cVA4I/uplcv?utm_term=liebestraum+no+3+pdfPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.