Malicious PDF — malware analysis report

Static analysis result for SHA-256 64d88ecb5e4d4be0…

Verdict: MALICIOUS
File type: PDF
Size: 50.3 KB Created: 2021-04-01 01:26:49 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 23075c809b6782e8e7db8c79c3fb16b4 SHA-1: 5043d85c4de3f792833fdc58969d2fa829613980 SHA-256: 64d88ecb5e4d4be0c3db55d5812c6c906824dc17e13a4505a59b9e566b8a613f
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document is identified as malicious by a ClamAV signature (Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0) and by the Nyx PDF classifier (malicious score 0.7954). It uses a common phishing construction: the visible "content" is a single full-page screenshot with no real text, and an invisible link annotation over the image carries an external URI action, so any click on the page opens the attacker's URL. The metadata shows the file was rendered from HTML with wkhtmltopdf 0.12.5, which is consistent with a screenshot-plus-link web page being converted to a PDF. The action target, https://midufefew.ru/award?keyword=anemia+falciforme+2020+pdf, is the primary indicator of compromise and most likely leads to a phishing page or a malware download; the keyword parameter in its query string suggests the document was seeded to match searches for that phrase. No JavaScript or other scripts were extracted, so the sample has no automatic execution path and depends entirely on the user clicking the lure. A further 25 URLs were extracted from the file, but this report assigns them no channel label, so they should be treated as secondary indicators until their origin in the document is confirmed.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7954

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 50 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://midufefew.ru/award?keyword=anemia+falciforme+2020+pdf (target of the external URI action flagged by PDF_URI)
    Further URLs extracted from the sample (no per-URL channel label is given in this report):
    • http://vasuxarogaxatix.iblogger.org/hillsong_united_oceans_piano_sheet_music_free.pdf
    • https://popokafiri.weebly.com/uploads/1/3/1/4/131437291/linevofivuzi.pdf
    • http://instup.xyz/sukabatujuwopezitz7118.pdf
    • https://cdn.sqhk.co/nugutobudan/lTJjigh/semodepunivuxozoz.pdf
    • https://fumunavizagoz.weebly.com/uploads/1/3/4/2/134235019/5769065.pdf
    • https://pizopivawot.weebly.com/uploads/1/3/5/3/135347149/givizisevo_wifipasojaz_dizogel_gegefudi.pdf
    • https://dutitujazekap.weebly.com/uploads/1/3/0/8/130814390/4035823.pdf
    • http://samo-katim.ru/oster_toaster_oven_tssttvmndg_partsakhe6.pdf
    • https://cdn.sqhk.co/sadirorig/ehfHigk/47115103843.pdf
    • https://pinowutofabu.weebly.com/uploads/1/3/4/7/134763632/fodimipusufu-femanuxul.pdf
    • https://cdn.sqhk.co/gudijupimeb/X6giiat/nail_art_kits_list.pdf
    • http://sdfsdfsdf.shaketorch.com/dinoxekajaf.pdf
    • http://legrand-spb.ru/ei_telephone_reporting_service_canada0slha.pdf
    • http://lorenbayi.com/nopofovj7ydn.pdf
    • https://cdn.sqhk.co/rufebumu/hjhbdeU/srsd_self_regulated_strategy_development.pdf
    • http://wumumusonozukak.epizy.com/char_broil_cooking_zone_1000_manual.pdf
    • https://bad3f395-1638-4667-b349-d6f934eeab49.filesusr.com/ugd/ed2d23_8e7a5f369fd34345a5d82f9243293032.pdf?index=true
    • https://s3.amazonaws.com/jevedijadiki/5k_running_plan.pdf
    • https://e510c2d5-567e-4a96-89ff-abc18316baf7.filesusr.com/ugd/8a9bcc_6583bd48adfd4a1c8522eeaebf2a19e5.pdf?index=true
    • https://s3.amazonaws.com/davolazupivowi/best_formal_dress_shops_adelaide.pdf
    • https://s3.amazonaws.com/lomogas/nafikelapaje.pdf
    • https://s3.amazonaws.com/wufujudisu/double_and_halving_worksheet_year_3.pdf
    • https://s3.amazonaws.com/julexekubaj/92802412601.pdf
    • http://zuzariliwit.rf.gd/saurastra_samachar_epaper_bhavnagar.pdf
    • https://b993c520-4fc9-488d-8dda-35d8b3dc2713.filesusr.com/ugd/6f5492_9bc849b2610841a0b159ce10a54a7560.pdf?index=true
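The PDF_IMAGE_LURE and EMBEDDED_URL heuristics above describe a file shape rather than a signature: one or more image XObjects, zero text blocks, a Link annotation carrying a /URI action, and a small file. The script below is an added triage example written for this report, not the analysis tool's own code. It reproduces that check with the Python standard library only: it walks the indirect objects, inflates FlateDecode streams so content operators and strings become visible, counts images and BT/ET text blocks, collects /URI action targets and any other URLs, and applies the lure rule. The sample document, its hostname (lure.example) and the 200 KB size threshold are constructed assumptions; the regex-based object walk is deliberately simple and will misparse binary streams that happen to contain the bytes "endobj", so a real parser (pdfid, peepdf, pypdf) is preferable for anything beyond quick triage.

```python
"""Triage a PDF for the 'image-only page with a click-outward action' lure shape.

Added example for this report; standard library only. The PDF syntax view here
is regex-based and intentionally minimal (see the lead-in for its limits).
"""
import re
import zlib

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.DOTALL)
STREAM_RE = re.compile(rb"^(.*?)\bstream\r?\n(.*?)\r?\nendstream", re.DOTALL)
TEXT_BLOCK_RE = re.compile(rb"\bBT\b.*?\bET\b", re.DOTALL)   # one text object per BT..ET pair
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")          # /URI (literal string); hex form not handled
URL_RE = re.compile(rb"https?://[^\s<>()\"']+")
MAX_LURE_BYTES = 200 * 1024   # assumed threshold; the report's sample is 50 KB


def iter_objects(pdf: bytes):
    """Yield (object number, dictionary bytes, stream bytes or None) per indirect object.
    FlateDecode streams are inflated so operators and strings inside them are visible."""
    for num, body in OBJ_RE.findall(pdf):
        m = STREAM_RE.match(body)
        if not m:
            yield int(num), body, None
            continue
        head, data = m.group(1), m.group(2)
        if b"/FlateDecode" in head:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # corrupt or chained filters: keep the raw bytes
        yield int(num), head, data


def triage(pdf: bytes) -> dict:
    """Count images and text blocks, collect URI action targets and URLs, and apply
    the image-lure rule: image(s) present, no text, a /URI action, and a small file."""
    images = text_blocks = 0
    uri_targets = []
    urls = set(URL_RE.findall(pdf))           # URLs visible in the raw file
    for _, head, data in iter_objects(pdf):
        is_image = re.search(rb"/Subtype\s*/Image\b", head) is not None
        if is_image:
            images += 1
        uri_targets += URI_RE.findall(head)   # action dictionaries live in the object head
        if data is not None and not is_image:
            text_blocks += len(TEXT_BLOCK_RE.findall(data))
            urls.update(URL_RE.findall(data))  # URLs hidden inside inflated streams
    lure = images >= 1 and text_blocks == 0 and bool(uri_targets) and len(pdf) <= MAX_LURE_BYTES
    return {
        "size_bytes": len(pdf),
        "images": images,
        "text_blocks": text_blocks,
        "uri_targets": [u.decode("latin-1") for u in uri_targets],
        "urls": sorted(u.decode("latin-1") for u in urls),
        "image_lure": lure,
    }


def build_sample_pdf(url: bytes, with_text: bool = False) -> bytes:
    """Constructed one-page PDF: a full-page image XObject under a page-sized Link
    annotation whose /URI action points at `url`. with_text=True adds a real text
    block, which breaks the lure shape. The content stream is FlateDecode-compressed,
    as real generators emit it, so the inflation path is exercised."""
    content = b"q 612 0 0 792 0 0 cm /Im0 Do Q"
    if with_text:
        content += b" BT /F1 12 Tf 72 700 Td (Invoice) Tj ET"
    packed = zlib.compress(content)
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]"
        b" /Resources << /XObject << /Im0 5 0 R >> >> /Contents 4 0 R"
        b" /Annots [6 0 R] >> endobj\n",
        b"4 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed),
        packed, b"\nendstream\nendobj\n",
        b"5 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1"
        b" /ColorSpace /DeviceGray /BitsPerComponent 8 /Length 1 >>\nstream\n\x00\nendstream\nendobj\n",
        b"6 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792]"
        b" /A << /S /URI /URI (" + url + b") >> >> endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    import json
    # Hypothetical lure host; not the URL from the report.
    print(json.dumps(triage(build_sample_pdf(b"https://lure.example/award?keyword=x")), indent=2))
```

Run it on a real sample with `triage(open(path, "rb").read())`; the `uri_targets` list is the click-outward indicator the PDF_URI heuristic reports, and the difference between `urls` and `uri_targets` is the set of URLs that were present in the file without being wired to an action.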