Malicious PDF — malware analysis report

Static analysis result for SHA-256 4bb51bb5cca18134…

Verdict: MALICIOUS
File type: PDF
Size: 332.0 KB
Created: 2021-07-04 15:52:23 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-10-07
MD5: 9e43df06c8ad701c49cbb74aad1527c6
SHA-1: 4479f5c502923c88f5ccb173b11bf26307b7e59a
SHA-256: 4bb51bb5cca1813446c52b915981145857129ad72924ff698e3398fda527327a
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The file was identified by ClamAV with a signature indicating it is a phishing or trojan PDF. The embedded URL, while flagged as benign, is associated with the file's detection. The PDF structure and the specific ClamAV signature suggest an attempt to lure the user into downloading or executing malicious content, likely via a phishing pretext.

Machine Learning

  • Nyx PDF Classifier clean score 0.1459

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/cv9VXjIrmdE/uplcv?utm_term=heat+and+mass+transfer+fundamentals+and+applications+6th+edition+free+pdf (channel: PDF link annotation)