Malicious PDF — malware analysis report

Static analysis result for SHA-256 72c56820dd573342…

MALICIOUS

PDF

46.9 KB Created: 2021-07-27 22:58:36 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-09-18
MD5: 9d597aeb0240200128ec756bcd647c8b SHA-1: a4b95553d86d0f7e5bb7ea9268a801004988811d SHA-256: 72c56820dd57334275afebc84f7b4b1454ba13aa3df169b4530ff633b5b308a7
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a signature indicating phishing and trojan activity. It contains an embedded URI pointing to a URL, which is a common technique for delivering malicious content or redirecting users to phishing sites. Although the document body is heavily obfuscated and unreadable, the presence of the external URI and the ClamAV detection strongly suggest a malicious intent, likely related to phishing or malware delivery.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3688

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://feedproxy.google.com/~r/skout/mBVl/~3/Om9ozkHLxGw/uplcv?utm_term=ncert+exemplar+class+10+maths+solutions+chapter+8 PDF link annotation