Malicious PDF — malware analysis report

Static analysis result for SHA-256 6da83108d3ff8c1a…

MALICIOUS

PDF

Size: 46.2 KB
Created: 2021-03-27 09:40:29 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 856906b9dce015d515ea076da04a0589
SHA-1: 30540795ea7ba6a44bf400030dd0a752829820ab
SHA-256: 6da83108d3ff8c1a5244761032952d9843bbc7fda17a4761fec07a11a83eaeb0
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was identified as malicious by ClamAV and an ML classifier, with heuristics indicating it is an image-only lure designed to trick users into clicking an external URL. The embedded URL points to a suspicious domain, likely serving as the initial stage of a phishing attack or malware download. No scripts were extracted, but the PDF structure itself suggests malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7903

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 46 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://fokemale.ru/award?keyword=linear+algebra+an+introduction+to+abstract+mathematics+valenza+pdf