PDF malware analysis — malicious · 73855283421bcb29

MALICIOUS

PDF

53.0 KB Created: 2021-08-12 16:14:30 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-09-24

MD5: b745ea48b4ab507c53fcd808fc558de6 SHA-1: 53b49a62dec5b05615f2b1ee12dff752a06a2440 SHA-256: 73855283421bcb2967cd07b9152c55a901e2de377a9dde6085e1716467bd5de0

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a signature indicating it is a phishing trojan. It contains embedded URLs, one of which is confirmed benign, but others point to potentially malicious PDF files. The PDF document itself appears to be malformed or obfuscated, making direct content analysis difficult, but the presence of external URIs suggests an attempt to redirect the user to malicious content.

Machine Learning

Nyx PDF Classifier suspicious score 0.4985

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://dolphinsolutions.net/ckfinder/userfiles/files/dazugukujowavinafa.pdf In PDF document text
- https://earthideasawnings.com/wp-content/plugins/formcraft/file-upload/server/content/files/160b04f7d3ecf3---29475474285.pdfIn PDF document text
- http://promocode.lu/userfiles/files/17027936418.pdfIn PDF document text
- https://feedproxy.google.com/~r/skout/mBVl/~3/Om9ozkHLxGw/uplcv?utm_term=centro+de+recursos+en+linea+metodologia+dela+investigacion+sampieriPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.