Malicious PDF — malware analysis report

Static analysis result for SHA-256 577abb735fd8f9be…

Verdict: MALICIOUS
File type: PDF
Size: 73.3 KB
Created: 2021-03-23 12:50:56 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 7278af0eaed4a90730bc3f0a553d16a0
SHA-1: e8936481fd41c0ba5223c7b76c88b45b49ddaeb7
SHA-256: 577abb735fd8f9be4c214b20e9b0256097cda2311ea9f755d36048effcbfd40e
Risk score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file is a PDF rendered from HTML with wkhtmltopdf and carrying a lure about managing change in education. It contains an external URI action plus a large set of link URLs, most of them .pdf paths on free-hosting and throwaway domains, likely intended to fetch a secondary payload or redirect the reader to a phishing page. The ascendercorp.com and scripts.sil.org/OFL entries are most likely font-licence metadata from the embedded fonts rather than lure links. The ClamAV phishing signature and the ML classifier score both point to malicious intent. No JavaScript heuristic appears among the listed detections, so the T1059.007 (JavaScript) mapping should be treated as unconfirmed by this report.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7202

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI action info PDF_URI
    PDF contains an external URL action (a /URI action, normally attached to a /Link annotation, that opens the target when the link is clicked)
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://soxebez.ru/strik?utm_term=how+to+manage+change+in+education+on+facebook+without+posting (label: URL)
    • https://cdn.sqhk.co/xogedusov/gutgeja/adt_pulse_gateway.pdf
    • http://xoxuvajes.mywebcommunity.org/72138264374.pdf
    • http://tonemisi.medianewsonline.com/marriage_bible_study_for_small_groups.pdf
    • https://cdn.sqhk.co/vadetegubufo/jhcgg7T/sweet_princess_fantasy_hair_salon_mod_apk.pdf
    • http://sfhgfje5df.xyz/trim_a_home_christmas_tree_manuali2bi7.pdf
    • http://mrshadow.net/7337504228xdz90.pdf
    • http://grafoanaliz.ru/51659918222wxeev.pdf
    • http://zaxegod.getenjoyment.net/21282769355.pdf
    • http://vknart.xyz/do_primers_go_bad_reloadingxz112.pdf
    • https://cdn.sqhk.co/mujejadalale/cSihIcl/galaxy_sky_shooting_download_mod_apk.pdf
    • https://cdn.sqhk.co/gexedamej/ngihpes/free_computer_science_courses_for_beginners.pdf
    • http://woodlesenka.ru/supply_chain_management_jobs_tyler_txm3e5e.pdf
    • http://nanamojuvimujo.medianewsonline.com/37973025936.pdf
    • https://cdn.sqhk.co/jinubodilev/1Uyibih/sssniperwolf_videos_today.pdf
    • https://cdn.sqhk.co/denobafopum/ggmijGO/beginner_flute_exercises.pdf
    • http://xonejalevesezom.sportsontheweb.net/bending_stress_in_beams_solved_examples.pdf
    • https://cdn.sqhk.co/divoxisig/Qhaiajf/wings_and_rings_weslaco_happy_hour.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://3f735f5a-cd1c-4288-bd93-adeff6e084d9.filesusr.com/ugd/bcc0e4_7a8f4e618eea4382bf34d82e41157bbe.pdf?index=true
    • http://kofaxafogi.myartsonline.com/94606459754.pdf
    • https://5902ff30-e651-486c-ac37-3e8383bfa78f.filesusr.com/ugd/f35da0_88ebd4b00b554dce9bc2d38613bdcb2f.pdf?index=true
    • https://9e4d96d7-92f1-4145-9aac-d1976e75dfe6.filesusr.com/ugd/49a98b_0460a711dd8d40bcaed8c7af3b35fd00.pdf?index=true
    • https://fec450ea-b80f-4746-b851-35139cc02de5.filesusr.com/ugd/53a83b_a2a05777fabc40deb7ceaaaa6e3d9bba.pdf?index=true
    • http://lojubefogugiku.onlinewebshop.net/25116994218.pdf
    • http://vakizonozajaxe.onlinewebshop.net/perominasegusiz.pdf
    • https://60659a61-a27b-47ea-8eac-a81775c62269.filesusr.com/ugd/7a7fb1_96a911dc3ea24792a42674a362813ff0.pdf?index=true
    • http://scripts.sil.org/OFL

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000fb4c.bin
SHA-256: ef22fb1c7504c2636d70ae6e25a2bfef623645e2de6be89fcc3db530cba93b3f
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xFB4C
Size: 5700 bytes
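Added example, not the analysis platform's own code: a small Python carver that reproduces the two artifact types listed above, the /URI action targets under "Embedded URL" and the sfnt font stream under "Extracted artifacts", run against a PDF constructed inline so it works offline. The function names, the .invalid URLs and the sfnt header stub are assumptions for the example. It handles raw and /FlateDecode streams only; object streams (/ObjStm) and hex-encoded /URI strings are out of scope.

```python
"""Carve /URI action targets and embedded sfnt font streams from a PDF.

Added example, not the analysis platform's code. The sample PDF below is
constructed inline (no xref table; the regex carvers work on raw bytes and
do not need one). Handles raw and /FlateDecode streams; /ObjStm object
streams and hex-encoded /URI strings are not handled.
"""
from __future__ import annotations

import hashlib
import re
import zlib

# Magic values at the start of an sfnt-wrapped font program
# (TrueType, Apple 'true', OpenType CFF, TrueType Collection).
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf")

# "<num> <gen> obj << dict >> stream": the tempered dot stops the dictionary
# match from running across an "endobj" into a later object.
_STREAM_RE = re.compile(
    rb"(\d+)\s+\d+\s+obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n", re.S)
# /URI literal string; the lookbehind skips backslash-escaped ')' inside it.
_URI_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)


def _unescape(lit: bytes) -> str:
    """Undo the backslash escapes PDF literal strings use for ( ) and \\."""
    return re.sub(rb"\\([()\\])", rb"\1", lit).decode("latin-1")


def extract_uris(pdf: bytes) -> list[str]:
    """Return the target of every /URI action stored as a literal string."""
    return [_unescape(m.group(1)) for m in _URI_RE.finditer(pdf)]


def carve_font_streams(pdf: bytes) -> list[dict]:
    """Return one record per stream whose (decoded) body starts with an sfnt magic."""
    found = []
    for m in _STREAM_RE.finditer(pdf):
        start = m.end()
        end = pdf.find(b"endstream", start)
        if end < 0:
            continue
        body = pdf[start:end].rstrip(b"\r\n")
        flate = b"/FlateDecode" in m.group(2)
        if flate:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue
        if body[:4] not in SFNT_MAGICS:
            continue
        found.append({
            "obj": int(m.group(1)),
            "offset": start,            # file offset of the raw stream data
            "compressed": flate,
            "size": len(body),          # decoded size
            "sha256": hashlib.sha256(body).hexdigest(),
            # numTables (uint16 BE at +4) applies to single-font sfnt headers only
            "num_tables": None if body[:4] == b"ttcf" else int.from_bytes(body[4:6], "big"),
        })
    return found


# Constructed sfnt header stub (assumption): version 1.0, numTables = 10, rest zeroed.
FAKE_SFNT = b"\x00\x01\x00\x00" + b"\x00\x0a" + b"\x00" * 26
FONT_DEFLATED = zlib.compress(FAKE_SFNT)


def build_sample_pdf() -> bytes:
    """Constructed one-page PDF: two /Link annotations with /URI actions (one
    target containing escaped parentheses) and a Flate-compressed /FontFile2
    stream holding FAKE_SFNT. Hostnames use the reserved .invalid TLD."""
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R] >> endobj",
        b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 200 20]"
        b" /A << /S /URI /URI (https://lure.invalid/strik?utm_term=manage+change) >> >> endobj",
        b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 30 200 50]"
        b" /A << /S /URI /URI (http://cdn.invalid/a\\(1\\).pdf) >> >> endobj",
        b"6 0 obj << /Length %d /Length1 %d /Filter /FlateDecode >>\nstream\n"
        % (len(FONT_DEFLATED), len(FAKE_SFNT))
        + FONT_DEFLATED + b"\nendstream endobj",
    ]
    return b"%PDF-1.4\n" + b"\n".join(objs) + b"\n%EOF\n"


if __name__ == "__main__":
    sample = build_sample_pdf()
    for uri in extract_uris(sample):
        print("URI action ->", uri)
    for rec in carve_font_streams(sample):
        print("font stream obj %(obj)d at offset 0x%(offset)X, %(size)d bytes, "
              "sha256 %(sha256)s" % rec)
```

The offset recorded is that of the raw stream data, which is what a report line such as "at offset 0xFB4C" refers to; the hash is taken over the decoded body, so it matches the carved file rather than the compressed bytes on disk. Font streams are expected in any wkhtmltopdf output, so their presence is an inventory item, not an indicator; the URI targets are what need reputation checks.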