Malicious PDF — malware analysis report

Static analysis result for SHA-256 7350c3cda97d0b32…

Verdict: MALICIOUS
File type: PDF
Size: 47.9 KB
Created: 2021-02-22 00:41:23 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-07
MD5: b0e7f097a97743ad1344f577be7ccdd7
SHA-1: b7621c8ecaf0e92e82277422990443759980a1a6
SHA-256: 7350c3cda97d0b328f5c4182a64105e7d14807bf2e132630c70c64007146b8b3
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF links to known malicious redirector infrastructure, which indicates a phishing lure rather than an exploit document. The Nyx classifier score and the ClamAV signature corroborate that verdict. No scripts were extracted, so the file does not depend on a PDF parser vulnerability; the malicious URL indicates it is designed to lead a user who clicks through a redirect chain to a phishing or malware distribution site.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9282

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    The PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs (all reached via the PDF document text channel):
    • https://crophysi.ru/strik?utm_term=is+the+movie+delirium+a+true+story
    • https://cdn.sqhk.co/gimexigerub/oidgeLQ/58988727776.pdf
    • https://cdn.sqhk.co/teketerep/eQjb6gX/what_does_boulangerie_mean_in_french.pdf
    • https://cdn.sqhk.co/muzorefu/heW2pjc/kubimiretu.pdf
    • https://cdn.sqhk.co/depivuni/kysfxjh/celebrity_cruises_captains_club_points.pdf
    • https://cdn.sqhk.co/mekizojo/vjeEWjc/lokekagap.pdf
    • https://cdn.sqhk.co/wamiratena/hgSmIjf/86518234169.pdf
    • http://luranowebereni.22web.org/actualizar_android_auto_suzuki.pdf
    • https://cdn-cms.f-static.net/uploads/4492588/normal_5fd31a9b78429.pdf
    • https://cdn.sqhk.co/xipovowimugo/fLjjh1S/lenovo_laptops_price_list.pdf
    • https://cdn.sqhk.co/natokaze/jep9hfn/jawefepo.pdf
    • https://cdn.sqhk.co/mikedeto/5hiasKc/spellblade_match-_3_puzzle_rpg_mod.pdf
    • https://cdn.sqhk.co/nomuzali/ymhiihW/packers_schedule_2019_dates.pdf
    • https://cdn.sqhk.co/nejibija/00zPgec/notes_apple_login.pdf
    • http://xakuneferufilew.iblogger.org/calligraphy_marathi_fonts_for_android.pdf
    • http://wukevuwotud.rf.gd/absorber_xl_high_performance_drying_towel.pdf
    • http://tavaxovowewut.rf.gd/apollo_munich_health_insurance_cashless_claim_form.pdf
    • http://penalat.rf.gd/basic_english_assessment_test.pdf
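The per-URL channel labels are what separate a clickable redirector link (a Link annotation with a /URI action) from a URL that merely appears in the page text, and that distinction is what the PDF_MALICIOUS_REDIRECTOR_LINK heuristic turns on. The Python script below is an added example, not the scanner's or ClamAV's own code: it collects /URI action targets and literal-string URLs from content streams (inflating Flate-compressed ones) of a constructed two-page PDF, labels each URL with the channel that reached it, and raises the verdict only when a host on a placeholder blocklist (`redirect.example.org`, an assumption standing in for the real redirector list) is reachable by a click.

```python
import re
import zlib
from urllib.parse import urlparse

# Constructed stand-in for the scanner's redirector-infrastructure list.
# Assumption for this example only; the real list is not on the page.
KNOWN_REDIRECTOR_DOMAINS = {"redirect.example.org"}

URL_RE = re.compile(rb"https?://[^\s()<>\"']+")
# PDF literal string; handles escaped ( ) \ but not nested balanced parens.
LITERAL_RE = re.compile(rb"\(((?:[^()\\]|\\.)*)\)")
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")
STREAM_START_RE = re.compile(rb"(?<!end)stream\r?\n")
# Direct /Length N only; an indirect "/Length N 0 R" is rejected by the lookahead.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")


def _unescape(raw: bytes) -> str:
    """Undo the backslash escapes a PDF literal string uses for ( ) and \\."""
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")


def extract_uri_actions(pdf: bytes) -> list:
    """Clickable URLs: targets of /A << /S /URI /URI (...) >> actions.
    Limitation: actions stored inside compressed object streams are not seen."""
    return [_unescape(m.group(1)) for m in URI_ACTION_RE.finditer(pdf)]


def extract_text_urls(pdf: bytes) -> list:
    """URLs that merely appear as page text (literal strings inside content
    streams). Flate-compressed streams are inflated; other filters are skipped."""
    urls = []
    for m in STREAM_START_RE.finditer(pdf):
        # The stream dictionary sits between the enclosing "N G obj" and "stream".
        header = pdf[max(pdf.rfind(b" obj", 0, m.start()), 0):m.start()]
        n = LENGTH_RE.search(header)
        if n:  # slice by /Length so binary data containing "endstream" cannot confuse us
            body = pdf[m.end():m.end() + int(n.group(1))]
        else:  # indirect length: fall back to the endstream keyword
            body = pdf[m.end():pdf.find(b"endstream", m.end())]
        if b"/FlateDecode" in header:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue  # corrupt or chained filter: treat as opaque
        elif b"/Filter" in header:
            continue
        for s in LITERAL_RE.finditer(body):
            urls.extend(URL_RE.findall(s.group(1)))
    return [u.decode("latin-1") for u in urls]


def has_javascript(pdf: bytes) -> bool:
    """True if the file carries a JavaScript action or a /JS entry."""
    return re.search(rb"/JavaScript\b|/JS\b", pdf) is not None


def analyze(pdf: bytes) -> dict:
    """Label every URL with the channel(s) that reached it; the verdict is
    critical only when a clickable URI points at a known redirector host."""
    channels = {}
    for url in extract_uri_actions(pdf):
        channels.setdefault(url, set()).add("link annotation")
    for url in extract_text_urls(pdf):
        channels.setdefault(url, set()).add("document text")
    findings, verdict = [], "info"
    for url, chans in channels.items():
        host = (urlparse(url).hostname or "").lower()
        hit = host in KNOWN_REDIRECTOR_DOMAINS
        findings.append({"url": url, "channels": sorted(chans), "known_redirector": hit})
        if hit and "link annotation" in chans:
            verdict = "critical"    # a click leads straight into the redirect chain
        elif hit and verdict == "info":
            verdict = "suspicious"  # listed host, but only as non-clickable text
    return {"urls": findings, "javascript": has_javascript(pdf), "verdict": verdict}


def build_sample_pdf() -> bytes:
    """Constructed two-page PDF (not the sample from the report): one plain
    content stream, one Flate-compressed stream, and one Link annotation."""
    page1 = b"BT /F1 12 Tf 72 700 Td (Download: https://files.example.net/report_2021.pdf) Tj ET"
    page2 = zlib.compress(b"BT /F1 12 Tf 72 700 Td [(See also ) (http://cdn.example.com/guide.pdf)] TJ ET")
    link = b"https://redirect.example.org/go?utm_term=invoice"
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R 6 0 R] /Count 2 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >> endobj\n",
        b"4 0 obj << /Length %d >>\nstream\n" % len(page1), page1, b"\nendstream\nendobj\n",
        b"5 0 obj << /Type /Annot /Subtype /Link /Rect [72 690 400 712] "
        b"/A << /S /URI /URI (" + link + b") >> >> endobj\n",
        b"6 0 obj << /Type /Page /Parent 2 0 R /Contents 7 0 R >> endobj\n",
        b"7 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(page2), page2,
        b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(build_sample_pdf()), indent=2))
```

Run as-is it prints the findings for the constructed sample: the annotation target is labelled "link annotation" and flagged, the two text URLs are labelled "document text" and not flagged, and the verdict is critical. On a real file, check the channel before acting on a redirector hit: a URL that only appears in document text is not clickable unless a Link annotation covers it, and this script does not inflate object streams, so /URI actions stored there need a full parser.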