PDF malware analysis — malicious · 749e10d94628e36f

MALICIOUS

PDF

62.3 KB Created: 2021-08-18 05:48:18 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-23

MD5: f69eda39dfd4a04521abe9a6eb2a132e SHA-1: c9bda9514cfbafb8d74d9bd8b8ee091280feb3b9 SHA-256: 749e10d94628e36ffc26fcfea4593c40c7078e00d912a0ab329f1f785b4a830d

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URI pointing to a suspicious URL. The ClamAV detection and ML classifier indicate maliciousness, strongly suggesting a phishing or malware distribution attempt. The URL itself is designed to appear as a link to 'whatsapp dare game questions', a common social engineering lure.

Machine Learning

Nyx PDF Classifier malicious score 0.5140

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/skout/mBVl/~3/Om9ozkHLxGw/uplcv?utm_term=whatsapp+dare+game+questions+with+answers PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.