Malicious PDF — malware analysis report

Static analysis result for SHA-256 7392205e1a337797…

MALICIOUS

PDF

Size: 76.3 KB
Created: 2021-03-21 21:40:35 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5278a20f7c1ea8e251a9abeffb898b49
SHA-1: 7055e9952c8d2598ffbde8f8d281987725b617bf
SHA-256: 7392205e1a33779791839ea2e5ba30e8fd8995b492d74934159b1996fc59cf4d
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF with a malicious ML classifier score and a ClamAV detection, indicating that it is likely a phishing or malware distribution document. It embeds a URL that likely leads to a malicious payload or phishing page. Although no scripts were extracted, the PDF structure and the embedded URI action suggest an attempt to redirect the user to a malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8955

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0001080f.bin
SHA-256:  2ff3a56e82f576b81373cb161be3f0252438d4d15ff425cc7c76ca4cfdc90bfc
Kind:     pdf-font-stream
Source:   PDF embedded font (sfnt) at offset 0x1080F
Size:     10396 bytes