Malicious PDF — malware analysis report

Static analysis result for SHA-256 61b3f450cddc1f2d…

Verdict: MALICIOUS
File type: PDF
Size: 55.7 KB
Created: 2021-06-02 10:39:40 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 40147b07d45bf453dadd381ee0e46b27
SHA-1: 84cd9cb8459d21a2217fa3368faa5884c05978be
SHA-256: 61b3f450cddc1f2da62cff66ed853e885bae280e5ec03069c1d343df116eed4b
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is classified as malicious by two independent engines: the Nyx PDF machine-learning classifier (malicious score 0.6618) and ClamAV (Pdf.Phishing.Trojan signature). It carries an external URL action pointing to archism.ru; the utm_term parameter of that URL ('mainstays+mini+blinds+cordless') matches the lure text recovered from the heavily obfuscated document body, so the link is the likely phishing or malware delivery stage. The document was rendered from HTML with wkhtmltopdf and no scripts were extracted from it, so the attack depends on the victim following the link rather than on code executing when the file is opened.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6618

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://archism.ru/pbw?utm_term=mainstays+mini+blinds+cordless
    • https://cdn-cms.f-static.net/uploads/4424996/normal_602cdb172c91b.pdf
    • https://static.s123-cdn-static.com/uploads/4489734/normal_60045539be387.pdf
    • https://static.s123-cdn-static.com/uploads/4391302/normal_5febc373a7c21.pdf
    • https://static.s123-cdn-static.com/uploads/4495399/normal_5fc6d855ae74c.pdf
    • https://static.s123-cdn-static.com/uploads/4484818/normal_5fe4337159ab7.pdf
    • https://static.s123-cdn-static.com/uploads/4418985/normal_5ff9ceaf66396.pdf
    • https://static.s123-cdn-static.com/uploads/4381543/normal_6005501c2ff9d.pdf
    • https://static.s123-cdn-static-d.com/uploads/4486034/normal_60b4b9e64d8ed.pdf
    • https://cdn-cms.f-static.net/uploads/4420586/normal_602e5612b2c9b.pdf
    • https://cdn-cms.f-static.net/uploads/4409257/normal_6035117951051.pdf
    • https://cdn-cms.f-static.net/uploads/4484376/normal_6062c22dbbf81.pdf
    • https://uploads.strikinglycdn.com/files/8d896cca-7151-4b00-88fd-530476500e4e/zekawenapopibifiroxosi.pdf
    • https://uploads.strikinglycdn.com/files/352f49f6-9a2d-4490-81b0-8e94cf345a7e/55446913919.pdf
    • https://uploads.strikinglycdn.com/files/edc7b6c6-020e-4d8d-b2c9-edd3c7da345d/how_to_use_gopro_hero_4_as_webcam_without_capture_card.pdf
    • https://uploads.strikinglycdn.com/files/a22e9ddb-c0eb-438d-ac24-2c1201ff5f71/el_dador_de_los_recuerdos_pelicula_completa_en_espaol.pdf
    • https://uploads.strikinglycdn.com/files/33ed3883-f8fb-4c15-ae3e-daab566d482f/how_to_pick_leaf_lettuce.pdf
    • https://uploads.strikinglycdn.com/files/47feb47c-b244-4c25-8bb9-1f6947797608/cadette_netiquette_badge_ideas.pdf
    • https://uploads.strikinglycdn.com/files/819de6a1-25d4-420e-9232-19efe702e795/philosophy_of_public_health_education.pdf
    • https://uploads.strikinglycdn.com/files/0b98fdba-14ba-4740-ac5c-1813afbf65d2/52274969037.pdf
    • https://uploads.strikinglycdn.com/files/5e05b236-677f-4a85-aa30-8d1f51b8f165/punjabi_girl_attitude_image_download.pdf
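As an added example (not the report generator's own code), a small Python triage script that does what the PDF_URI and EMBEDDED_URL heuristics above describe: it pulls URLs out of /URI link-annotation actions and out of decoded content-stream text, labels each URL with the channel it came from, undoes the #xx name escapes that phishing PDFs use to hide keys such as /URI, and lists action keys (/JavaScript, /OpenAction, ...) whose presence would contradict a "no scripts" finding. The PDF it parses is constructed inline and uses placeholder hosts (archism.example, obf.example, example.test), not the sample's URLs.

```python
"""Channel-labelled URL extraction and action-key triage for a PDF, over raw bytes.
Added example; the sample PDF is constructed inline and is not the analysed file."""
import re
import zlib

# (?<!end) keeps "endstream\n" from being mistaken for the start of a stream.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# /URI (literal string) inside an action dictionary; escaped parens allowed.
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)", re.DOTALL)
HTTP_RE = re.compile(rb"https?://[^\s()<>\"']+")
# Either a literal string (left untouched) or a name token (#xx escapes undone).
TOKEN_RE = re.compile(rb"\((?:[^()\\]|\\.)*\)|/[^\s/\[\]<>(){}%]+", re.DOTALL)
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
SUSPICIOUS_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA", b"/EmbeddedFile")


def normalize_names(data: bytes) -> bytes:
    """Rewrite /U#52I to /URI etc. so hidden keys match; strings (and the '#' in
    URL fragments inside them) are left alone."""
    def fix(m):
        tok = m.group(0)
        if tok.startswith(b"("):
            return tok
        return HEX_ESC_RE.sub(lambda h: bytes([int(h.group(1), 16)]), tok)
    return TOKEN_RE.sub(fix, data)


def unescape_literal(s: bytes) -> bytes:
    # Only the escapes that matter for URLs: \( \) \\ (octal escapes are not handled).
    return re.sub(rb"\\([()\\])", lambda m: m.group(1), s)


def decode_stream(raw: bytes) -> bytes:
    try:
        return zlib.decompress(raw)        # FlateDecode, by far the common case
    except zlib.error:
        return raw                         # uncompressed or an unhandled filter: scan as-is


def extract_urls(pdf: bytes) -> list:
    """Return [(channel, url), ...] with channel 'uri_action' or 'body_text'."""
    found = []
    dicts_only = normalize_names(STREAM_RE.sub(b"", pdf))   # action dicts live outside streams
    for m in URI_ACTION_RE.finditer(dicts_only):
        found.append(("uri_action", unescape_literal(m.group(1)).decode("latin-1")))
    for m in STREAM_RE.finditer(pdf):                        # visible lure text lives in streams
        for u in HTTP_RE.finditer(decode_stream(m.group(1))):
            found.append(("body_text", u.group(0).decode("latin-1")))
    seen, out = set(), []
    for item in found:                                       # de-duplicate, keep file order
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def suspicious_keys(pdf: bytes) -> list:
    """Action keys present in the (de-obfuscated) dictionaries; an empty list backs up
    a 'no scripts' finding, a non-empty one means the file can act without a click."""
    data = normalize_names(STREAM_RE.sub(b"", pdf))
    return [k.decode() for k in SUSPICIOUS_KEYS
            if re.search(re.escape(k) + rb"(?![A-Za-z])", data)]


def build_sample_pdf() -> bytes:
    """Constructed one-page PDF: a plain /URI link annotation, a second annotation whose
    keys are hidden with #xx name escapes, and a FlateDecode content stream whose
    visible text carries a third URL. Hostnames are placeholders."""
    text = b"BT /F1 12 Tf 72 700 Td (Download: https://example.test/report.pdf) Tj ET"
    stream = zlib.compress(text)
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Annots [5 0 R 6 0 R] >>\nendobj\n",
        b"4 0 obj\n<< /Length " + str(len(stream)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + stream + b"\nendstream\nendobj\n",
        b"5 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (https://archism.example/pbw?utm_term=mainstays+mini+blinds) >> >>\nendobj\n",
        b"6 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 660 300 680] "
        b"/A << /S /U#52I /U#52I (https://obf.example/dl\\(1\\).pdf) >> >>\nendobj\n",
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    sample = build_sample_pdf()
    for channel, url in extract_urls(sample):
        print(f"{channel:10s} {url}")
    print("suspicious keys:", suspicious_keys(sample) or "none")
```

Run against a real sample, the body_text channel is where the long list of static-cdn and strikinglycdn links above would typically surface (rendered page text), while the archism.ru link is the one reached through a /URI action; treating both channels as equal is what makes such lists noisy. Object streams (/ObjStm) and filters other than FlateDecode are not decoded here, so a clean result from this script is not proof of absence.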