PDF malware analysis — malicious · 5122ee1384cbd104

MALICIOUS

PDF

34.7 KB Created: 2020-11-18 01:44:52 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: c0727b60426df607a82972fe37b41efd SHA-1: 8d8f44abde499fcfe02234f2efc1cd32d0213694 SHA-256: 5122ee1384cbd104175fb8b4c2d3d43d0c509ccd2eaf09a798dc12838122be7b

114 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is a PDF that appears to be an image-only lure, typical of phishing attacks. It contains a clickable link to an external URL, which is a common method for delivering malicious content or redirecting users to phishing pages. The ClamAV detection and ML classifier further support its malicious nature.

Machine Learning

Nyx PDF Classifier malicious score 0.8097

Heuristics 4

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 34 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://trafficel.ru/aws?utm_term=ten+eyewitness+news+reporters+perth

Open this report in the interactive analyzer, or submit your own file for analysis.