Malicious PDF — malware analysis report

Static analysis result for SHA-256 5a1b569fa5109d14…

MALICIOUS

PDF

Size: 55.3 KB
Created: 2021-04-19 00:31:00 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c142f84438bbe798bad81c26b55ad217
SHA-1: 0f02e02172b4b845e3d0cebdae81fc3a98474df4
SHA-256: 5a1b569fa5109d1438af7643a85b1e78f59bcf1d63eb41104e15b39a48b05295
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV and an ML classifier, with heuristics indicating the presence of external URIs. While the document body is heavily obfuscated, the embedded URLs and the PDF structure suggest a phishing attempt. No scripts were extracted, limiting the ability to determine specific malicious actions beyond leading the user to external content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7674

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.birdlifebotswana.org.bw/sites/default/files/webform/sightings-sketches/beporu.pdf
    • https://www.mothercare.ro/sites/default/files/webform/resumes/topijetidilotifoga.pdf
    • https://ambrose.edu/sites/default/files/webform/mamak.pdf
    • https://ambrose.edu/sites/default/files/webform/65047245793.pdf
    • https://www.blplegal.com/sites/default/files/webform/89971565628.pdf
    • https://www.pharoxglobal.com/sites/default/files/webform/6669476875.pdf
    • https://www.uts.cw/sites/default/files/webform/89737617204.pdf
    • https://www.osgeurope.com/sites/osg-corporate.dev/files/webform/tajiwugebewozebukak.pdf
    • http://klm3fg.grhosting.cz/sites/default/files/webform/files/todoxobolukajit.pdf
    • http://www.friendlycc.com/sites/default/files/webform/zuguxinukebezukul.pdf
    • https://www.pharoxglobal.com/sites/default/files/webform/7322176875.pdf
    • https://www.pharoxglobal.com/sites/default/files/webform/27804174203.pdf
    • https://www.uts.cw/sites/default/files/webform/58994315224.pdf
    • https://www.blplegal.com/sites/default/files/webform/8025899801.pdf
    • http://seiary.com/sites/default/files/webform/rec/pexutagizoniged.pdf
    • https://feedproxy.google.com/~r/Uplcv/~3/zMnd8XtcwSM/uplcv?utm_term=white+fang+movie+2018+common+sense+media
    • https://campusrec.princeton.edu/system/files/webform/luzatebinibaxopititum.pdf