Malicious PDF — malware analysis report

Static analysis result for SHA-256 5bf9057c007bd0cf…

MALICIOUS

PDF

Size: 56.6 KB | Created: 2020-11-30 06:13:55 +02:00 | Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: bb29193f582f7798628afa3aeae94525 SHA-1: 465f859765524cc8b8f96a8e700d15cbc0efd18e SHA-256: 5bf9057c007bd0cff73cd6d3583622d7a220657ff46ecfa37d0f3869554e9658
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains an external URI action whose target is a suspicious domain (traffking.ru, with a utm_term query carrying a consumer-product keyword), a strong indicator of a phishing or malware-distribution lure. ClamAV and the ML classifier independently flagged the file as malicious. The document body, though heavily obfuscated, contains product-related keywords, consistent with a lure designed to draw the reader to the external site. The remaining extracted URLs all point to further .pdf files on public CDN and object-storage hosts (f-static.net, strikinglycdn.com, s3.amazonaws.com). The producer metadata (wkhtmltopdf via Qt) shows the file was rendered from HTML rather than authored in a desktop application.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6956

Heuristics (3)

  • ClamAV (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (info, PDF_URI)
    The PDF contains an external URL action (a /URI action, which hands a URL to the system browser when the link or action is triggered).
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels show which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://traffking.ru/strik?utm_term=black+and+decker+chv1410l+filter
    • https://cdn-cms.f-static.net/uploads/4376869/normal_5fbc88ca71299.pdf
    • https://cdn-cms.f-static.net/uploads/4412584/normal_5fa0bf9476522.pdf
    • https://uploads.strikinglycdn.com/files/fc0163e1-5a51-40d5-b621-eb92833acb8d/asap_ferg_mp3_download.pdf
    • https://uploads.strikinglycdn.com/files/2ad61570-6aff-4ecf-b648-c1f8402a56ac/drum_pad_download.pdf
    • https://s3.amazonaws.com/xoguwavosuje/brisbane_central_station_platform_map.pdf
    • https://s3.amazonaws.com/kakekojezutok/simawafirotifo.pdf
    • https://uploads.strikinglycdn.com/files/848b4415-955e-4f5a-9219-fed1d94dc4dc/2799152161.pdf
    • https://s3.amazonaws.com/pegebunov/arcade_games_for_android_play.pdf
    • https://uploads.strikinglycdn.com/files/fe22685b-e873-49f6-9eb2-65a7c7abc2b7/59559081202.pdf
    • https://uploads.strikinglycdn.com/files/023ca16c-20a2-444c-902e-5881b8ec1961/47000960048.pdf
    • https://s3.amazonaws.com/gizonukorad/muliwimufaludema.pdf
    • https://uploads.strikinglycdn.com/files/6a98e90b-2c1d-48fb-a3d7-3d1e5c68e5f8/tufaregabofifarufos.pdf
    • https://s3.amazonaws.com/senodiw/the_grudge_google_docs.pdf
    • https://uploads.strikinglycdn.com/files/ee0b4f9e-8369-4654-ac8e-888b62b4a7f9/att_center_concert_seating_chart_with_rows.pdf
    • https://uploads.strikinglycdn.com/files/acb89e10-0535-4ec4-9e3f-e0f34952f502/wopuxuvikunegamal.pdf
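The following Python is an added example, not the analyser's own code and not derived from the sample above. It reproduces the two heuristics labelled PDF_URI and EMBEDDED_URL and attaches a channel label to every URL, the way per-URL labels in a full report do: it parses /URI action values in both literal and hex string form and inflates FlateDecode streams, so it finds URLs that a plain grep over the file bytes misses. The one-page PDF it scans is constructed inline; its hosts under .invalid are placeholders, and the AUTO_ACTION label is an assumed name that does not appear in this report.

```python
import re
import zlib

# /URI key followed by a literal (...) or hex <...> string; nested unescaped parens are not handled.
URI_VALUE = re.compile(rb"/URI\s*(\((?:[^()\\]|\\.)*\)|<[0-9A-Fa-f\s]*>)", re.S)
URL_RE = re.compile(rb"""https?://[^\s<>()"'\[\]]+""")
# An object's own dictionary (never crossing 'endobj') followed by the 'stream' keyword.
STREAM_HDR = re.compile(rb"obj\s*(<<(?:(?!endobj).)*?>>)\s*stream\r?\n", re.S)
SIMPLE_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}


def pdf_string_to_bytes(tok: bytes) -> bytes:
    """Decode a PDF string token: (literal) with backslash escapes, or <hex>."""
    if tok.startswith(b"<"):
        digits = re.sub(rb"\s", b"", tok[1:-1])
        return bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode("ascii"))
    body, out, i = tok[1:-1], bytearray(), 0
    while i < len(body):
        if body[i:i + 1] != b"\\" or i + 1 == len(body):
            out += body[i:i + 1]
            i += 1
            continue
        nxt, octal = body[i + 1:i + 2], re.match(rb"[0-7]{1,3}", body[i + 1:i + 4])
        if nxt in SIMPLE_ESC:
            out += SIMPLE_ESC[nxt]
            i += 2
        elif octal:
            out.append(int(octal.group(), 8) & 0xFF)
            i += 1 + len(octal.group())
        else:                      # \( \) \\ and unknown escapes: keep the escaped byte only
            out += nxt
            i += 2
    return bytes(out)


def decoded_streams(pdf: bytes):
    """Yield each stream body, inflating /FlateDecode so text hidden in compressed streams is scanned."""
    for m in STREAM_HDR.finditer(pdf):
        dict_src, start = m.group(1), m.end()
        direct = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", dict_src)  # direct, not 'n 0 R'
        end = start + int(direct.group(1)) if direct else pdf.find(b"endstream", start)
        raw = pdf[start:end]
        if b"/FlateDecode" in dict_src:
            try:
                raw = zlib.decompress(raw)
            except zlib.error:
                pass               # corrupt or unsupported data: scan the raw bytes instead
        yield raw


def extract_urls(pdf: bytes) -> dict:
    """Map each URL to the set of channels that carried it."""
    found = {}

    def add(url: bytes, channel: str):
        found.setdefault(url.decode("latin-1"), set()).add(channel)

    for tok in URI_VALUE.findall(pdf):      # link annotations / actions, any string encoding
        add(pdf_string_to_bytes(tok), "uri_action")
    for url in URL_RE.findall(pdf):         # plain grep over the file: misses hex and Flate
        add(url, "raw_object")
    for body in decoded_streams(pdf):       # page content, after inflation
        for url in URL_RE.findall(body):
            add(url, "content_stream")
    return found


def heuristics(pdf: bytes) -> list:
    labels = []
    if re.search(rb"/S\s*/URI\b", pdf):
        labels.append("PDF_URI")
    if extract_urls(pdf):
        labels.append("EMBEDDED_URL")
    if re.search(rb"/(OpenAction|AA)\b", pdf):  # fires without a click; assumed label name
        labels.append("AUTO_ACTION")
    return labels


def build_sample_pdf() -> bytes:
    """Constructed one-page PDF (not the analysed sample): two /URI actions and a Flate-compressed
    content stream mentioning a third URL. No xref table; the scanner above does not need one."""
    packed = zlib.compress(b"BT /F1 12 Tf 72 700 Td (See https://cdn.example-host.invalid/file.pdf) Tj ET")
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /Annots [5 0 R 6 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed) + packed + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 680 400 720] /A << /S /URI "
        b"/URI (https://lure.example.invalid/strik?utm_term=product+keyword) >> >>",
        b"<< /Type /Annot /Subtype /Link /Rect [72 640 400 660] /A << /S /URI /URI <"
        + b"https://hex.example.invalid/x.pdf".hex().encode("ascii") + b"> >> >>",
    ]
    body = b"".join(b"%d 0 obj\n%s\nendobj\n" % (n, o) for n, o in enumerate(objs, 1))
    return b"%PDF-1.4\n" + body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    print(heuristics(build_sample_pdf()))
    for url, channels in sorted(extract_urls(build_sample_pdf()).items()):
        print(f"{url}  [{', '.join(sorted(channels))}]")
```

Run as a script it prints the labels and the URL table for the constructed sample; against a real file call extract_urls on its bytes. The channel sets are the useful part: a URL seen only as uri_action or only as content_stream is exactly the kind a byte-level grep would have missed, and uri_action is the channel that fires PDF_URI.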