Malicious PDF — malware analysis report

Static analysis result for SHA-256 71ae0d3eed049b19…

MALICIOUS

PDF

67.6 KB Created: 2020-11-20 17:24:07 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c1a936e63d96779ea710cdd79193d8fb SHA-1: 9946fa0163912f6d523eda64f2800b04f5d6e361 SHA-256: 71ae0d3eed049b19c02b6859d4ddea4f31e855a1b56684144b8735affe0c1bc8
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URL, which is a common tactic for phishing or malware distribution. The ClamAV detection and ML classifier strongly indicate malicious intent. The embedded URL, https://traffset.ru/aws?utm_term=cag+full+form+in+kannada, likely leads to a malicious payload or phishing page. No scripts were extracted, but the PDF structure and embedded URI are sufficient indicators of malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8617

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://traffset.ru/aws?utm_term=cag+full+form+in+kannada
    • https://manomukujoputu.weebly.com/uploads/1/3/4/5/134517900/gekaponevadasow.pdf
    • https://zomomawiwupid.weebly.com/uploads/1/3/4/3/134385308/bejemonetinapadew.pdf
    • https://movulejovem.weebly.com/uploads/1/3/4/4/134470355/4730331.pdf
    • https://cdn-cms.f-static.net/uploads/4379719/normal_5f8da1b5293dc.pdf
    • https://wirufaxiferid.weebly.com/uploads/1/3/4/5/134599318/7303094.pdf
    • https://cdn-cms.f-static.net/uploads/4366347/normal_5f96c3fd27f9d.pdf
    • https://cdn-cms.f-static.net/uploads/4374522/normal_5fad555908a2d.pdf
    • https://uploads.strikinglycdn.com/files/a9ebed0f-9656-4567-af15-0f466c9b0d84/mitifosofigobifasokiz.pdf
    • https://s3.amazonaws.com/pulavokaxe/23056906943.pdf
    • https://uploads.strikinglycdn.com/files/4548bc72-30fa-424f-acf0-730c1b935c70/44882031063.pdf
    • https://uploads.strikinglycdn.com/files/8a20580c-91ce-4191-b1f6-503410a72021/classe_vo_nmero_turnitin.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.