PDF malware analysis — malicious · 41879a6c6a351bfd

MALICIOUS

PDF

160.0 KB Created: 2021-05-06 12:20:08 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-10-01

MD5: 4d470c61ae483cfcc578657f17ec0a18 SHA-1: 25d596d625ae057c4d25ae7116a688425b74143f SHA-256: 41879a6c6a351bfd1783ed2978c4587f7cb21d2d1d84b39e2814039dfbd1810e

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a signature indicating phishing and trojan behavior. It contains an embedded URL pointing to a suspicious domain, which is likely intended to host a malicious payload or redirect the user to a phishing site. Although no scripts were explicitly extracted, the PDF structure and the presence of an unknown URL suggest an attempt to exploit the user or download further malicious content.

Machine Learning

Nyx PDF Classifier suspicious score 0.3780

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://robertmatzuzi-massagetherapist.co.uk/wp-content/plugins/formcraft/file-upload/server/content/files/160922cef0ef44---61001286757.pdf In PDF document text
- https://feedproxy.google.com/~r/Uplcv/~3/fzgW7-mxBc0/uplcv?utm_term=casing+capping+wiring+accessories+pdfPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.