PDF malware analysis — malicious · 39dbbbde6730d872

MALICIOUS

PDF

38.5 KB Created: 2021-08-28 18:08:32 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-11-25

MD5: e54864b5d8c0a5844733d57bb77b039b SHA-1: f543e00798bb479913bb75c7de4bf4d4ce5b0d4c SHA-256: 39dbbbde6730d872f84e5b088556e5cf1a8e6282ed4bb99d228fd70185fc71b1

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file was detected as a malicious PDF by ClamAV, specifically flagged as a phishing trojan. It contains an embedded URI that points to an external resource, likely intended to lure the user into clicking it. While no scripts were explicitly extracted, the PDF structure and the presence of an external link suggest an attempt to redirect users to a malicious site for further exploitation.

Machine Learning

Nyx PDF Classifier suspicious score 0.3262

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/skout/mBVl/~3/6naE_Nh8_CY/uplcv?utm_term=meaning+of+typ PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.