Malicious PDF — malware analysis report

Static analysis result for SHA-256 60f73221fb78ebb0…

MALICIOUS

PDF

Size: 68.1 KB
Created: 2021-02-27 03:01:21 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2026-06-05
MD5: 03e5e0bffa04b71507f147d448d74f0d
SHA-1: 4ce8a0e09069aa8f9a4dcfa16559d0bed73672b6
SHA-256: 60f73221fb78ebb0d5b6b19bad32c3d08cc779560a61bd1698fadf5136d9ab55
Risk Score: 134

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file was detected as malicious by ClamAV and ML classifiers, indicating a phishing or trojan payload. The document body and heuristics suggest a lure related to 'bodyweight exercise circuit fat loss' which redirects to a suspicious URL, likely to download further malicious content. The presence of embedded URLs and the nature of the detection point towards a phishing attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6982

Heuristics 4

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Image lure linking to an SEO redirector (free-download phishing) (severity: high, rule: PDF_SEO_UTM_REDIRECTOR_LINK)
    PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://fokemale.ru/award?keyword=bodyweight+exercise+circuit+fat+loss (channel: PDF link annotation)