Malicious PDF — malware analysis report

Static analysis result for SHA-256 3df9ba0b46055de1…

MALICIOUS

PDF

Size: 66.8 KB
Created: 2021-03-20 03:12:52 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-22
MD5: a6fab5b90f3ab7f91adcfcd740b23b7f
SHA-1: 358a53e50d2003996774634aa7a79d7508c4553b
SHA-256: 3df9ba0b46055de10a7cac9ffca6082e010acc7608e8f858b016ca624a5066cd
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment; T1059.007 JavaScript

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8402

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs and the channel through which each was reached:
    • https://midufefew.ru/award?keyword=batna+and+watna+pdf (PDF link annotation)
    • https://cdn-cms.f-static.net/uploads/4472773/normal_603ed25de91bc.pdf (in PDF document text)
    • http://edaeda.moscow/5473143162nihr4.pdf (in PDF document text)
    • http://mebets.xyz/76365769619h9nap.pdf (in PDF document text)
    • https://cdn.sqhk.co/tuseliwi/7hhmqnV/vafavil.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4499629/normal_5ff07b69203e0.pdf (in PDF document text)
    • https://cdn.sqhk.co/kuxixixixi/ageigSA/fractions_worksheets_grade_5_south_africa.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4455405/normal_604fbf1228a89.pdf (in PDF document text)
    • https://cdn.sqhk.co/febapaji/j6iciEg/vutadagubu.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4445541/normal_5ffa1b2660f6c.pdf (in PDF document text)
    • http://mignonette.space/cars_3_movie_poster3b9oj.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4380681/normal_600b6a3ef2ebc.pdf (in PDF document text)
    • https://cdn.sqhk.co/linigurep/hfhcUif/fabekemasipab.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4414169/normal_6013777c9c457.pdf (in PDF document text)
    • https://cdn.sqhk.co/nojedevatas/cTDiesv/movies_like_detective_byomkesh_bakshy.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://uploads.strikinglycdn.com/files/60a5681a-eb66-4664-8e2c-3518965a47a0/siemens_thermostat_rdh10rf_problems.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/f116da5a-9444-430b-9fc4-6d8fc140dcfa/48786271439.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/2d22f3e7-5644-426c-90e8-d8b0795b72fc/jenizosidubegitojewo.pdf (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f255.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xF255
Size: 4868 bytes
SHA-256: c4d537224523e611c8864ac073f4f24e98bd624b72c5bd1cba3302cc715b1582