Malicious PDF — malware analysis report

Static analysis result for SHA-256 7c903c2c8eb670dd…

Verdict: MALICIOUS
File type: PDF
Size: 61.0 KB
Created: 2021-02-26 02:20:59 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-02
MD5: 6d2a6c2bc35306e074289c99e1c639b2
SHA-1: 7b73c0140c516b7f4a1764f450507b6399ce526a
SHA-256: 7c903c2c8eb670dd5fa70f3f492869da0810bc8a632dabd69ec9d1de8e5a1e6a
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains an embedded URL pointing to 'bologen.ru', which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, contains keywords related to the URL, suggesting a lure to trick users into clicking the link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9417

Heuristics (3)

  • ClamAV (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://bologen.ru/award?keyword=john+deere+345+electrical+problem (reached via PDF link annotation)