Malicious PDF — malware analysis report

Static analysis result for SHA-256 658c404481cad8ea…

Verdict: MALICIOUS
File type: PDF
Size: 57.4 KB
Created: 2021-02-27 22:55:52 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 440c7a8df4b2963489b00f4e609733af
SHA-1: 6077afecb3aa3e1f11f4fdd96f2a1faffb55a2cb
SHA-256: 658c404481cad8eab551e1c13421b59debeb89b9588024a2fe38756c889dfd86
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains embedded URLs, one of which is flagged as malicious. The document body, though partially corrupted, suggests a lure related to a book review. The presence of multiple external URIs and a high ML classifier score indicate malicious intent, likely for phishing or to download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7545

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.