Malicious PDF — malware analysis report

Static analysis result for SHA-256 770df4c6c05670af…

MALICIOUS

PDF

Size: 38.0 KB
Created: 2021-04-03 02:45:17 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5ca684bb09e95cae8803a664a4cdf6e0
SHA-1: fedfdc9d2bd1cfe2b8b981caa842bcdf3fc2dcd8
SHA-256: 770df4c6c05670af8ab2505237a04771db59ac992667f652670869425d6768c4
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF is identified as an image-only lure, typical for phishing or malware distribution. It contains an embedded URI pointing to a suspicious domain, dugedepap.ru, which is likely intended to redirect the user to a malicious site. The ML classifier and ClamAV detection further support its malicious nature. No scripts were extracted, but the PDF structure and embedded URI strongly suggest an attempt to deliver a second-stage payload or phish for credentials.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6829

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 38 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://dugedepap.ru/award?keyword=quran+sharif+with+bangla+translation+pdf+download
    • http://dobuwiwitevotir.sportsontheweb.net/xazunatigonabaxi.pdf
    • http://jutidewolojura.mypressonline.com/99759786778.pdf
    • https://cdn-cms.f-static.net/uploads/4492259/normal_604ae27e5e479.pdf
    • https://s3.amazonaws.com/vuxalirudidel/3130335158.pdf
    • https://uploads.strikinglycdn.com/files/51c4293f-9b83-460d-a7c5-c159872372e8/85700694775.pdf
    • https://s3.amazonaws.com/juzewojavomofew/career_opportunities_in_nursing_informatics.pdf
    • https://13a7c488-548c-4b48-b567-d2b0b9a3e1de.filesusr.com/ugd/85d67f_f667bcad5c1c43cfb7bb0f9d035cd549.pdf?index=true
    • https://b0b8c8c5-0de0-49ea-8337-0a56b8a4e65f.filesusr.com/ugd/bf9dfc_e30d12eac52f4e10a4943b543199714e.pdf?index=true
    • https://uploads.strikinglycdn.com/files/439a00d7-e250-4d16-8832-7f