Malicious PDF — malware analysis report

Static analysis result for SHA-256 74bf37acea1555d8…

MALICIOUS

PDF

Size: 50.3 KB
Created: 2021-03-22 01:15:37 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: e12e4e358c7148876ef26e352bb2e17e
SHA-1: 8830673aa1943fa1014d2d2819c805256a7e791f
SHA-256: 74bf37acea1555d8652e99cbfe54484ec00c72ae8679c6639ffc476cd225b0eb
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file is identified as malicious by ClamAV and an ML classifier. It employs a common phishing tactic by presenting a full-page image as a lure, designed to prompt a click on an embedded URI. This URI, 'https://gimoguvi.ru/award?keyword=advanced+engineering+mathematics+by+rk+jain+3rd+edition+pdf', likely leads to a phishing page.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7260

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 50 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://gimoguvi.ru/award?keyword=advanced+engineering+mathematics+by+rk+jain+3rd+edition+pdf