PDF malware analysis — malicious · 416ab0da960c8a91

MALICIOUS

PDF

55.4 KB Created: 2021-06-13 01:57:26 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-09-25

MD5: bb614e99854e489228a34286044229da SHA-1: 4278f6613b880525d6664968a72bd75186fe83c8 SHA-256: 416ab0da960c8a917597a4c87d445304cf554dec5232506793ccd0ed2f597c1c

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

Nyx PDF Classifier malicious score 0.8874

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://garglob.ru/pbw?utm_term=full+guys+apk+download PDF link annotation
- https://cdn-cms.f-static.net/uploads/4452386/normal_601baee82c2d3.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4499999/normal_600256db8542e.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4456135/normal_606e115d7649c.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4381735/normal_605b3c53d571a.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4393369/normal_5fe561d9bbd7c.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4426257/normal_6056e328f3dbe.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4418583/normal_6001d99e29bfe.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4392207/normal_5febfc72c718c.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4456379/normal_60c31d41b3d0f.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ef924aa1-afe6-4c18-b438-a036a2424ddb/que_son_las_tecnicas_de_recoleccion_de_datos_segun_autores.pdfIn PDF document text
- http://wiwedano.pbworks.com/f/24471673910.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f1cf9b63-a27a-4cf9-a7a2-cbefbd14e68a/realidades_2_capitulo_2a-1_answers.pdfIn PDF document text
- http://wixugigir.pbworks.com/w/file/fetch/144438810/osrs_fight_caves_blowpipe_guide.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ce879428-0b19-4e72-91ca-0cb0d88337a1/hp_color_laserjet_cp1215_printer_cartridge_price_in_india.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3f7b4013-2a7a-4ac9-95a7-01743e4b53da/the_comprehensive_enfp_survival_guide_free_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/40c0171e-2902-4702-bdc7-e32bf3207701/jirifoxit.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/38be4b01-86c1-4ea8-8ab2-33af500cf3c6/7769066846.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2b7acfb8-d972-4805-b575-bf33390ad252/libro_finanzas_corporativas_dumrauf_gratis.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a97fee54-cc7a-41b5-8181-004c933aebaa/76382788837.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7e9eda42-13e0-4a58-be7e-3cc3db5e0c3c/wireless_communication_system.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/72291daf-3569-4dc3-b7e5-372106bddeca/how_do_you_reset_a_samsung_refrigerator_33e.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2f223676-031e-4c22-9c17-c524f0978dc6/wokobinimupujemapojebo.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.