Malicious PDF — malware analysis report

Static analysis result for SHA-256 443b06ee3797ded5…

Verdict: MALICIOUS

File type: PDF

Size: 49.6 KB
Created: 2021-08-01 04:00:42 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-09-24

MD5: be2fd4f15db6bdd697140c4b3ec9ec5e
SHA-1: 31ff942572132e596f06c9c73b5101b904e26e9c
SHA-256: 443b06ee3797ded581a900f8dea154d3cd63c07e6ef1262ee57964649c963488

Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5141

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection: see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://medvor.ru/uplcv?utm_term=amigos+para+siempre+noten+pdf (PDF link annotation)
    • https://fourseasons.events/wp-content/plugins/super-forms/uploads/php/files/6c6e92f4ae69a956f5a35d740e463d13/15853352486.pdf (in PDF document text)
    • http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160b459b2bdbff---fetuzelalujexusetodu.pdf (in PDF document text)
    • http://kimbuunguyen.com/uploads/userfiles/fil (in PDF document text)