PDF malware analysis — malicious · 6d04478cdeeb3310

MALICIOUS

PDF

51.2 KB Created: 2021-08-25 05:11:33 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-12

MD5: 5d05cb3cb8c1e07350cc852a09cf6875 SHA-1: abac8d49cf828a7764d3239b02446189f3fa48e2 SHA-256: 6d04478cdeeb331018617ead22c4199997c6e8d47956f3ac4a607079a01f7e38

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a Pdf.Phishing.Trojan signature. It contains an embedded URL pointing to a potentially malicious domain, which is a common tactic for phishing or malware delivery. Although the document body is heavily obfuscated, the presence of external URIs and the ClamAV detection strongly suggest a malicious intent.

Machine Learning

Nyx PDF Classifier clean score 0.1347

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://felix-schulze.biz/wp-content/plugins/super-forms/uploads/php/files/efoi1akqkiphes70bbu0jsqood/52136557878.pdf In PDF document text
- https://feedproxy.google.com/~r/skout/mBVl/~3/fzgW7-mxBc0/uplcv?utm_term=law+of+attraction+and+positive+thinkingPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.