Malicious PDF — malware analysis report

Static analysis result for SHA-256 7dae0496f4c84e93…

MALICIOUS

PDF

Size: 79.6 KB
Created: 2021-09-07 05:38:09 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-10-07
MD5: bdbe9e74d85cee5c507aa027da35fb7b
SHA-1: b8c9135fa837b5a57f5412acdc16f07fe82e1b16
SHA-256: 7dae0496f4c84e933f2ccc471c53e038c6f57ed8d5d88a1f20b6d0422aa9a856
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by ML classifiers and ClamAV, specifically identified as a phishing trojan. It contains embedded URLs that likely lead to further malicious content or phishing pages. The presence of external URIs suggests an attempt to redirect the user to a compromised or malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9361

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://baracenter.be/userfiles/file/xobodite.pdf (in PDF document text)
    • http://www.lebedosapartotel.com/data/yukle/files/67469509832.pdf (in PDF document text)
    • https://gachbinhduong.com/upload/file/borezopadupafobowilafofe.pdf (in PDF document text)
    • http://asalsold.com/wp-content/plugins/formcraft/file-upload/server/content/files/16073d30ed858c---33732566799.pdf (in PDF document text)
    • https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/3CAf4wW3hvY/uplcv?utm_term=lozan+antla%C5%9Fmas%C4%B1n%C4%B1n+pdf (PDF link annotation)