Malicious PDF — malware analysis report

Static analysis result for SHA-256 676aa258ba180a7d…

MALICIOUS

PDF

Size: 52.6 KB | Created: 2020-11-13 05:19:39 +02:00 | Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 66c5d089c874d12ace7eac3cf73a6e20
SHA-1: 2e667a712e38e78bcea8bf17d0572ccaf22353d9
SHA-256: 676aa258ba180a7d00e03b14beff9fdc708a9d20143e8d5eee4637f288367ade
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains an embedded URI pointing to a suspicious domain, and the ClamAV detection classifies it as a phishing trojan. The document body, though heavily obfuscated, contains text related to a 'hall ticket', which is likely used as a lure to trick users into clicking the malicious link. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7015

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://traffset.ru/aws?utm_term=hall+ticket++2018+calicut+university