Malicious PDF — malware analysis report

Static analysis result for SHA-256 4318a5d761e13b21…

MALICIOUS

PDF

Size: 91.1 KB | Created: 2021-03-18 08:07:43 +02:00 | Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 89bbf4d6c194e6b38d46b7d31f947925 SHA-1: cac2ec6768f3cbf592c015d63da58d8702df5375 SHA-256: 4318a5d761e13b216e5fd94223c8d792fb57da04a46eae1467f6df66335b3e43
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by multiple heuristics, including ML and ClamAV, which flagged it as a phishing trojan. The document body, though heavily obfuscated, contains text related to 'Psicologia de la emocion uned pdf' and the wkhtmltopdf tool, suggesting a lure. The presence of external URIs, particularly 'https://dafemum.ru/award?keyword=psicologia+de+la+emocion+uned+pdf', indicates an attempt to redirect the user to a malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9458

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://dafemum.ru/award?keyword=psicologia+de+la+emocion+uned+pdf