PDF malware analysis — malicious · 43f9f7f889767eea

MALICIOUS

PDF

88.7 KB Created: 2021-07-20 06:47:36 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-05

MD5: 8292b32b37385c0bc8bd157ad0581d8f SHA-1: 6a553d9397db0e76c2d0f9beb4e2253beea6f7fa SHA-256: 43f9f7f889767eeab7d7f73db9a8b7af0705a4f9b6e0f287babde02cf5c86145

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is a PDF document that contains embedded URLs, some of which are flagged as unknown reputation. The ClamAV detection and ML classifier indicate maliciousness, likely related to phishing or malware distribution. No scripts were extracted, but the presence of embedded URLs suggests an attempt to redirect the user to malicious sites.

Machine Learning

Nyx PDF Classifier malicious score 0.6048

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://braintradingbcn.com/wp-content/plugins/super-forms/uploads/php/files/09beeb0121643af1ceb45c2161a511f5/kipiz.pdf In PDF document text
- http://xn--aknmedcal-wpbe.com/uploads/file/kowaxawasevukegisexoz.pdfIn PDF document text
- https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/BvfzZFkJO3s/uplcv?utm_term=approval+crossword+cluePDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.