Malicious PDF — malware analysis report

Static analysis result for SHA-256 3f3090754fb3c683…

MALICIOUS

PDF

39.0 KB Created: 2021-08-26 06:28:12 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-11-02
MD5: a0ece084a1062cc6a54f711a1826a9cd SHA-1: ab3a5c0f951c524d01e4ecd8b15bee0d33c6d31c SHA-256: 3f3090754fb3c6831faa5b1ab7668a1d7c094a19f851e322bb37784fe1f27425
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was identified as malicious by ClamAV with a signature indicating phishing and trojan activity. It contains an embedded URI pointing to a suspicious domain, likely intended to lure the user to a phishing site. No scripts were extracted, but the PDF structure and embedded URI suggest a phishing attack.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3262

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://philabc.ru/uplcv?utm_term=bible+on+loving+others PDF link annotation