Malicious PDF — malware analysis report

Static analysis result for SHA-256 6f0e4592c6c0983e…

MALICIOUS

PDF

Size: 152.6 KB
Created: 2020-11-30 20:19:14 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c3d0ce2fb5e8515fdcfe3466dbd9e82b
SHA-1: b170ae9601ece419c0d0389804610c1574cfcc75
SHA-256: 6f0e4592c6c0983e6e481389f283208ae36518a89ecc7f4c46c524d0236fcfe1
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by multiple heuristics, including a ClamAV detection for 'Pdf.Phishing.Trojan'. The embedded URL and the document's metadata suggest a phishing attempt, likely to redirect users to malicious content. Although no scripts were explicitly extracted, the PDF format itself can embed JavaScript, which is often used to initiate malicious actions like downloading further payloads or redirecting users to phishing sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9111

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://trafftec.ru/aws?utm_term=traditional+chinese+characters+pdf
    • https://sisodiwitamusoz.weebly.com/uploads/1/3/2/6/132681746/poritir_zebon_xowefon_xejago.pdf
    • https://vimadefivikimaw.weebly.com/uploads/1/3/4/2/134265378/bc381e53477.pdf
    • https://galixasuja.weebly.com/uploads/1/3/4/5/134518214/48da0.pdf
    • https://bipinutafo.weebly.com/uploads/1/3/4/3/134358532/degotobogaduto.pdf
    • https://static1.squarespace.com/static/5fc0672f60f2895dc1e54ab2/t/5fc10f73fa04221c71454882/1606487925050/songs_from_hairspray_2007.pdf
    • https://static1.squarespace.com/static/5fc016b9c30a162e0c4e17a3/t/5fc0e3b1e6d49a06bbb2d489/1606476725833/31669856887.pdf
    • https://s3.amazonaws.com/ninasivol/zogepovenazokatisoded.pdf
    • https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbd1e2377802d38de32e8d6/1606229540003/dajonojizinofutetin.pdf
    • https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbf590c4e98326c0207b879/1606375693421/immigration_paralegal_books.pdf