Malicious PDF — malware analysis report

Static analysis result for SHA-256 6995016e827f2b90…

Verdict: MALICIOUS
File type: PDF
Size: 314.5 KB
Created: 2021-06-09 15:43:33 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-22
MD5: 98b8fe506ac034486c0050e15384c270
SHA-1: 2165ad6c8f8ffd19240c1bfe28a57a76fa581012
SHA-256: 6995016e827f2b905e6f4c6c92a10c2d0a67572409b1ac887291025aa4c05585
Risk score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF whose only active content is a link annotation carrying a /URI action that points to a suspicious external URL. The query string (utm_term=sami+padal+download) reads like a download lure, so the likely purpose is to take the user to a page that serves a malicious payload or a credential-phishing form. No JavaScript or other scripts were extracted, so the document cannot act on its own; it relies entirely on the user clicking the link, which fits delivery as a spearphishing attachment (T1566.001). The ClamAV signature (Pdf.Phishing.Trojan) corroborates this assessment. The authoring metadata (wkhtmltopdf over Qt, i.e. an HTML page rendered to PDF) is consistent with a lure page converted into a document, but creation metadata is attacker-controlled and is not evidence on its own. Treat the extracted URL as an indicator for blocking and reputation lookups rather than browsing to it.

Machine Learning

  • Nyx PDF Classifier clean score 0.0585 (low; the model leans malicious)

Heuristics (3)

  • ClamAV detection [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI [info, PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://cructi.ru/uplcv?utm_term=sami+padal+download (channel: PDF link annotation)
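The two URI heuristics above (PDF_URI, EMBEDDED_URL) together with the "no scripts were extracted" observation in Malware Insights are exactly what a static triage pass checks for. The following Python is an added example written for this report; it is not code from the analysis platform, the classifier or ClamAV. It builds two constructed sample PDFs with placeholder URLs (not the URL from this report): one with a plain /Link annotation and one where the same annotation is hidden inside a FlateDecode object stream, which a grep of the raw file would miss. It then extracts the /URI targets and counts active-content names without rendering or opening the file. The function and sample names are this example's own.

```python
import re
import zlib

# Constructed sample (not the file from the report): one page whose only active
# content is a /Link annotation carrying a /URI action, the mechanism behind the
# PDF_URI and EMBEDDED_URL heuristics. The URL is a placeholder.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792]
   /A << /S /URI /URI (https://lure.example.invalid/uplcv?utm_term=sample+download) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# /URI value as a literal string "(...)" (escapes allowed) or a hex string "<...>"
_URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
_URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

# Names worth counting even when no URI is found. /JavaScript, /JS, /Launch and
# /OpenAction mean the file can act without a click, which a link-only lure cannot.
ACTIVE_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
                b"/EmbeddedFile", b"/RichMedia", b"/AcroForm", b"/ObjStm"]


def make_objstm_pdf(url: bytes) -> bytes:
    """Constructed PDF 1.5 in which the link annotation lives inside a FlateDecode
    object stream, so the URL is not visible in the raw bytes."""
    inner = b"4 0 << /Type /Annot /Subtype /Link /A << /S /URI /URI (" + url + b") >> >>"
    body = zlib.compress(inner)
    return (b"%PDF-1.5\n5 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode "
            b"/Length " + str(len(body)).encode() + b" >>\nstream\n" + body +
            b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n")


def _unescape(lit: bytes) -> str:
    """Undo the PDF literal-string escapes that matter for a URL."""
    return (lit.replace(b"\\(", b"(").replace(b"\\)", b")")
               .replace(b"\\\\", b"\\").decode("latin-1"))


def _inflated_streams(data: bytes):
    """Yield the inflated body of every stream zlib can decode (FlateDecode content
    streams and object streams). decompressobj tolerates a clipped trailer; streams
    using other filters raise zlib.error and are skipped."""
    for m in _STREAM.finditer(data):
        try:
            out = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue
        if out:
            yield out


def extract_pdf_indicators(data: bytes) -> dict:
    """Static triage: collect /URI targets and count active-content names in the raw
    bytes and inside inflated streams. Nothing is rendered or executed."""
    views = [data, *_inflated_streams(data)]
    uris = []
    for view in views:
        uris += [_unescape(m.group(1)) for m in _URI_LITERAL.finditer(view)]
        for m in _URI_HEX.finditer(view):
            try:
                uris.append(bytes.fromhex(m.group(1).decode("ascii")).decode("latin-1"))
            except ValueError:
                continue  # malformed hex string: ignore rather than abort triage
    counts = {n.decode(): sum(v.count(n) for v in views) for n in ACTIVE_NAMES}
    scripted = any(counts[k] for k in ("/JavaScript", "/JS", "/Launch", "/OpenAction"))
    return {"uris": sorted(set(uris)), "active_names": counts, "scripted": scripted}


if __name__ == "__main__":
    for label, pdf in (("plain link annotation", SAMPLE_PDF),
                       ("link inside object stream",
                        make_objstm_pdf(b"https://hidden.example.invalid/x"))):
        print(label, extract_pdf_indicators(pdf))
```

On a real sample, pass the file's bytes to extract_pdf_indicators and feed the returned URLs into blocking and reputation lookups; do not open them in a browser. The scanner is a regex triage aid, not a full PDF parser: it does not handle encrypted documents, filters other than Flate, or strings assembled at run time, which is why it reports the active-content name counts separately, so a file with no visible URI but a /JavaScript or /OpenAction entry still gets a second look.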