Malicious PDF — malware analysis report

Static analysis result for SHA-256 66c1b21dff470d04…

MALICIOUS

PDF

Size: 48.0 KB
Created: 2021-05-12 10:10:47 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-25
MD5: d3c47e84d3269c36d616b36c1f67894f
SHA-1: a346d7897d407b0e99317530868f1f0855b59a4a
SHA-256: 66c1b21dff470d04403998d9c08b8fb43518c0789e67e47834947cb72689b802
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7086

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://jacksth.ru/strik?utm_term=10+day+green+smoothie+cleanse+book+near+me PDF link annotation