Malicious PDF — malware analysis report

Static analysis result for SHA-256 6ac9e30190538a26…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2021-08-08 20:45:51 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-09-22
MD5: 56f5bd1fc072a8a9f977a0dca329e648
SHA-1: 719adafec6cf025e08a4c87192ddb388bc75b43d
SHA-256: 6ac9e30190538a26026f93be06639c73a23e7664aa9fa72f9db1fccb7cb902b8
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document containing a link annotation whose URI action points to a suspicious domain (smidgel.ru). ClamAV classifies the file as a phishing trojan. No scripts were extracted, so the document is not expected to execute anything on its own when opened; the risk lies in the user following the embedded link, which is consistent with a phishing or malware-distribution lure. Two details support that reading: the authoring application (wkhtmltopdf) indicates the PDF was rendered from an HTML page, and the utm_term parameter in the URL carries a Spanish search phrase ("circuitos serie paralelo y mixto ejercicios resueltos pdf", i.e. solved exercises on series, parallel and mixed circuits), as would be expected of a document produced to match a search query. The domain, not the file hash alone, is the durable indicator: the same lure can be regenerated with a different hash at will.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3624

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://smidgel.ru/uplcv?utm_term=circuitos+serie+paralelo+y+mixto+ejercicios+resueltos+pdf (channel: PDF link annotation)
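As an added illustration of the static checks behind the PDF_URI and EMBEDDED_URL heuristics above (example code written for this page, not the analysis platform's own tooling), the script below scans a PDF for /URI actions, /Link annotations and active-content keys (/JavaScript, /OpenAction, /Launch and similar), looking inside FlateDecode streams as well as the raw bytes so that a catalog hidden in a compressed object stream is not missed. Both sample PDFs are constructed here; only the URL is taken from the report. The label PDF_ACTIVE_CONTENT and the host allowlist are assumptions for the example, and octal string escapes are not resolved.

```python
import hashlib
import re
import zlib
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed samples. SAMPLE_URL is the URL from the report; the PDF bytes
# around it are synthetic and are NOT the analysed file.
SAMPLE_URL = (b"https://smidgel.ru/uplcv?utm_term="
              b"circuitos+serie+paralelo+y+mixto+ejercicios+resueltos+pdf")

# One page whose only annotation is a /Link carrying a /URI action (click-triggered).
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 540 720]"
    b" /A << /S /URI /URI (" + SAMPLE_URL + b") >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# A catalog with an /OpenAction that runs JavaScript, hidden inside a FlateDecode
# object stream: a scan of the raw bytes alone would report nothing.
_HIDDEN = b"<< /Type /Catalog /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>"
_DEFLATED = zlib.compress(_HIDDEN)
SAMPLE_PDF_JS = (
    b"%PDF-1.5\n"
    b"5 0 obj << /Type /ObjStm /Filter /FlateDecode /Length "
    + str(len(_DEFLATED)).encode() + b" >>\nstream\n" + _DEFLATED + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\nendstream", re.S)
LINK_RE = re.compile(rb"/Subtype\s*/Link(?![A-Za-z0-9])")
URI_LITERAL_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)   # /URI (literal)
URI_HEX_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")                # /URI <hex>
# Keys that let the document act on its own (on open, on an event, or by launching
# something) rather than only when the user clicks a link.
ACTIVE_KEYS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
               b"/EmbeddedFile", b"/SubmitForm"]
_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}


def _unescape(literal: bytes) -> bytes:
    # Resolve \( \) \\ and the named escapes of a PDF literal string (octal escapes
    # are left as-is, a simplification for this example).
    return re.sub(rb"\\(.)", lambda m: _ESC.get(m.group(1), m.group(1)), literal, flags=re.S)


def _views(data: bytes):
    """Yield the raw bytes, then the inflated body of every FlateDecode stream."""
    yield data
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates trailing bytes such as a stray \r before endstream
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-encoded (image data, other filter, corrupt): skip


@dataclass
class PdfTriage:
    sha256: str
    link_annotations: int = 0
    uris: list = field(default_factory=list)        # targets of /URI actions, in order found
    indicators: list = field(default_factory=list)  # ACTIVE_KEYS present in any view


def triage_pdf(data: bytes) -> PdfTriage:
    t = PdfTriage(sha256=hashlib.sha256(data).hexdigest())
    for view in _views(data):
        t.link_annotations += len(LINK_RE.findall(view))
        found = [_unescape(m.group(1)) for m in URI_LITERAL_RE.finditer(view)]
        for m in URI_HEX_RE.finditer(view):
            hexstr = re.sub(rb"\s", b"", m.group(1)).decode()
            found.append(bytes.fromhex(hexstr + "0" * (len(hexstr) % 2)))  # PDF pads odd hex
        for raw in found:
            url = raw.decode("latin-1")
            if url not in t.uris:
                t.uris.append(url)
        for key in ACTIVE_KEYS:
            name = key.decode()
            if name not in t.indicators and re.search(re.escape(key) + rb"(?![A-Za-z0-9])", view):
                t.indicators.append(name)
    return t


def heuristics(t: PdfTriage) -> list:
    """Map triage results onto labels. PDF_URI and EMBEDDED_URL are the report's own;
    PDF_ACTIVE_CONTENT is a name assumed for this example."""
    labels = []
    if t.uris:
        labels += ["PDF_URI", "EMBEDDED_URL"]
    if any(k in t.indicators for k in ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")):
        labels.append("PDF_ACTIVE_CONTENT")
    return labels


def unexpected_hosts(t: PdfTriage, allowed: set) -> list:
    """Hosts reached by /URI actions that are not on the (constructed) allowlist:
    these are the ones to send for reputation lookup."""
    hosts = []
    for url in t.uris:
        host = urlsplit(url).hostname or ""
        if host and host not in allowed and host not in hosts:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    for name, blob in (("link-only", SAMPLE_PDF), ("hidden-js", SAMPLE_PDF_JS)):
        t = triage_pdf(blob)
        print(name, t.sha256[:16], t.link_annotations, t.uris, t.indicators,
              heuristics(t), unexpected_hosts(t, {"example.com"}))
```

Run against the first sample this yields one link annotation, the smidgel.ru URL, no active-content indicators and the labels PDF_URI and EMBEDDED_URL, matching the report's findings; the second sample shows why the decompression step matters, since its /OpenAction and /JavaScript keys are only visible after inflating the object stream.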