Malicious PDF — malware analysis report

Static analysis result for SHA-256 75871721f8c84fc5…

MALICIOUS

PDF

84.6 KB Created: 2021-02-08 08:16:19 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2026-06-05
MD5: cf81866f62d6456ca05ba27d20035408 SHA-1: 1bb737d549d00e64ff24b18f6d5d0a511dcdab53 SHA-256: 75871721f8c84fc533ae9113d388591e603c85c9e76e7a1c566fa630cb70d4c5
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document identified by ClamAV as 'Pdf.Phishing.Trojan'. It contains an embedded URI pointing to a suspicious domain, 'maypoin.ru', which is likely used to host malicious content or phishing pages. No scripts were extracted, but the presence of an external URI and the ClamAV detection strongly suggest a phishing or malware delivery attempt.

Machine Learning

  • Nyx PDF Classifier clean score 0.1730

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://maypoin.ru/aws?utm_term=espa%25C3%25B1a+directo+ayer+reportajes PDF link annotation