Malicious PDF — malware analysis report

Static analysis result for SHA-256 661c59326fe97d35…

MALICIOUS

PDF

49.6 KB Created: 2020-12-23 01:15:55 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2026-06-05
MD5: fb01eda3436d355d6e170b83b68b9faf SHA-1: 95506f1909121ddc98dce03bb0e91dc35fdd3cdd SHA-256: 661c59326fe97d35f39ddc469ca2e62a970e7f394e7d0593a2c7c7de84059566
94 Risk Score
Tags
free-cdn-ebook-manual-lure

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The embedded URI points to a suspicious domain, suggesting it's used to host malicious content or redirect users. The document body, though heavily obfuscated, contains references to a movie title, likely a lure to entice users to click the malicious link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7180

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://trafficel.ru/aws?utm_term=chakravarthy+kannada+movie+darshan PDF link annotation
    • https://jewezuwexokuj.weebly.com/uploads/1/3/4/7/134717424/282f685ce58a7c8.pdfIn PDF document text
    • https://bipotanerazufis.weebly.com/uploads/1/3/4/5/134597687/2128316.pdfIn PDF document text
    • https://cdn-cms.f-static.net/uploads/4497358/normal_5faf81b205b72.pdfIn PDF document text
    • https://static.s123-cdn-static.com/uploads/4489988/normal_5fc628a6c0446.pdfIn PDF document text
    • https://s3.amazonaws.com/vuforewebub/culture_conclusion_paragraph.pdfIn PDF document text
    • https://s3.amazonaws.com/tevigotu/super_hero_crafts_for_kids.pdfIn PDF document text
    • https://s3.amazonaws.com/feseni/mission_mangal_full_movie_free_1080p.pdfIn PDF document text
    • https://uploads.strikinglycdn.com/files/588a6653-17d3-4a89-9ab0-9b9491eaaf1b/wefituzawofogeb.pdfIn PDF document text
    • https://static1.squarespace.com/static/5fdc9ff03a83d042422c3343/t/5fdca91d6ba1be148e87f0f7/1608296739059/91167232332.pdfIn PDF document text
    • https://uploads.strikinglycdn.com/files/6fc3fc93-e711-4329-bb17-124abe6fdaca/stanford_elementary_school_online.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.