Malicious PDF — malware analysis report

Static analysis result for SHA-256 39abfb90bb2d16ab…

Verdict: MALICIOUS
File type: PDF
Size: 55.8 KB
Created: 2021-03-20 21:32:46 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: a87cd28eefa041497081daa2e305bccc
SHA-1: b2d464f58b70b5d19bcd1f4f484b28ccf2f0222a
SHA-256: 39abfb90bb2d16ab47f0860b1b2cd518c2d1c122d54e046834c3b1a1472bd560
Risk score: 94

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains embedded URLs and triggers heuristics indicating malicious content, specifically a phishing lure themed around career paths. The ClamAV detection and the ML classifier score further support the malicious verdict. While no scripts were directly extracted, the presence of external URI actions suggests an attempt to fetch a secondary payload, most likely a phishing page or malware.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.7570

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000d1ff.bin
SHA-256: ad162d19580f58efc281841d4bd8e86916ed98dae93423d2935b8a0d98c57959
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xD1FF
Size: 5392 bytes