Malicious PDF — malware analysis report

Static analysis result for SHA-256 7c2152e08329f941…

Verdict: MALICIOUS
File type: PDF

Size: 54.0 KB
Created: 2021-03-18 04:44:49 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-20
MD5: 73d630b2b3a7ca315b7f0ee1016d90c1
SHA-1: 9851583ab5696cc2de9fe4b1269ca23a159b1c40
SHA-256: 7c2152e08329f941ea641b748d6e704b88245e0e1783df8b7522f7fe8bcabc00
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a URI pointing to a suspicious domain, and ML classifiers and ClamAV detect it as malicious. The document body, though heavily obfuscated, suggests a lure related to 'Alexia significado pdf' intended to entice users to click the embedded link. No scripts were extracted, but the presence of a malicious URI together with the detection signatures strongly indicates a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8304

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/award?keyword=alexia+significado+pdf (PDF link annotation)
    • https://cdn-cms.f-static.net/uploads/4486351/normal_601ab9fec497e.pdf (in PDF document text)
    • https://cdn.sqhk.co/zuronenom/idTgf9o/jonasotezunes.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4469143/normal_5fd1a66048b3b.pdf (in PDF document text)
    • https://cdn.sqhk.co/gowexenopa/fjihhcE/yellow_soulier_bebe.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4388619/normal_5fcd67657e349.pdf (in PDF document text)
    • http://greenbike.shop/super_retro_16_apk_paidq3quu.pdf (in PDF document text)
    • https://cdn.sqhk.co/zirigajer/9giigjg/world_war_ii_pacific_battle_site.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4365540/normal_5fe9af6508f67.pdf (in PDF document text)
    • http://circus.market/xezaxezisaor5ql.pdf (in PDF document text)
    • https://cdn.sqhk.co/verexoleki/ja0hb44/82803070319.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4485589/normal_60464700aa559.pdf (in PDF document text)
    • https://cdn.sqhk.co/depivuni/gfjekjg/64873875134.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4392868/normal_5ff3b1fa07b17.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4412889/normal_6030f5230bfdb.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4461201/normal_600af9bc6f07c.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4377663/normal_6005b9fb79923.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4467017/normal_5fec968e9832c.pdf (in PDF document text)
    • https://cdn.sqhk.co/noxivudeva/djiFifk/top_marketing_group_stockton_ca.pdf (in PDF document text)
    • http://fullpisetc.ru/computer_guide_for_beginners_free_download41po3.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4403946/normal_6007e988e04a7.pdf (in PDF document text)
    • http://rkconstructionsucks.com/carbs_in_sbarro_pizzas670d.pdf (in PDF document text)
    • https://cdn.sqhk.co/rapovixovuti/hchdjiA/my_talking_tom_game_download_please.pdf (in PDF document text)
    • https://cdn.sqhk.co/bixevemaxi/8fUjffF/18760144689.pdf (in PDF document text)