Malicious PDF — malware analysis report

Static analysis result for SHA-256 807d7819110fcfca…

Verdict: MALICIOUS
File type: PDF
Size: 54.7 KB
Created: 2021-09-06 06:21:44 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-10-11
MD5: 5f6d6695043dddf11c199a8285627744
SHA-1: 4379f3217a7117367c8bcc2440fbd1c29e4f21ca
SHA-256: 807d7819110fcfca56f32d45673a2b620f28f3a552aa5ebeb327b66a3d77295a
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was flagged by three heuristics, including a critical ClamAV detection for Pdf.Phishing.Trojan, and the PDF classifier scored it 0.8927 (malicious). It carries several URLs that point to .pdf files under upload directories on unrelated, unknown domains, which suggests a phishing or malware-distribution attempt that lures the reader to an external site. Note how the URLs reach the reader: five of the six extracted URLs sit in the document text rather than behind clickable actions, and the one PDF link annotation (the single external /URI action that the PDF_URI heuristic keys on) is the feedproxy.google.com URL. The extracted URLs are indicators of the lure pattern, not detections in themselves. The producer metadata (wkhtmltopdf via Qt) shows the document was generated by rendering HTML rather than authored in a desktop application; that is consistent with a mass-produced lure but is not malicious on its own.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8927

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://myphamlulanjina.com/upload/files/35623941189.pdf (in PDF document text)
    • https://denizlihorozu.com/resimler/files/rabobaz.pdf (in PDF document text)
    • http://palyavalaszto.hu/teszt/upload/file/rifizo.pdf (in PDF document text)
    • http://4chan.ro/UserFiles/file/86708939572.pdf (in PDF document text)
    • http://plenar.hr/wp-content/plugins/formcraft/file-upload/server/content/files/16073efd45d4f3---13112051538.p (in PDF document text)
    • https://feedproxy.google.com/~r/Uplcv/~3/3CAf4wW3hvY/uplcv?utm_term=petrology+and+petrography+pdf (PDF link annotation)
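The distinction the per-URL labels above draw (a URL behind a /URI link-annotation action versus a URL merely printed in the page text) is what separates the PDF_URI heuristic from the EMBEDDED_URL one. As an added example that is not the analysis service's own code, the Python below builds a constructed one-page PDF in memory containing one /Link annotation with a /URI action and one URL drawn as page text inside a FlateDecode-compressed content stream, then labels every extracted URL by the channel it was found in, the way the report does. The hostnames, object layout and function names are assumptions for illustration; the parser only handles this simple structure and ignores object streams, string encodings and the obfuscation real samples use.

```python
"""Label URLs in a PDF by channel: /URI link-annotation actions vs. document text.

Added example, not the analysis service's code. It constructs a small PDF and
classifies each URL found in it. Standard library only.
"""
import re
import zlib

# Loose URL matcher; stops at whitespace and PDF string/dictionary delimiters.
URL_RE = re.compile(rb"https?://[^\s<>()\"']+")


def build_sample_pdf(annot_url: bytes, text_url: bytes) -> bytes:
    """Construct a one-page PDF (a constructed sample, not a real malware file)
    with a /Link annotation carrying a /URI action and a FlateDecode-compressed
    content stream that draws a second URL as visible page text."""
    content = b"BT /F1 12 Tf 72 700 Td (" + text_url + b") Tj ET"
    stream = zlib.compress(content)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length " + str(len(stream)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + stream + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (" + annot_url + b") >> >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n" % (len(objs) + 1)
    out += b"0000000000 65535 f \n"
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objs) + 1, xref_pos)
    return bytes(out)


def extract_urls(pdf: bytes) -> dict:
    """Return {url: channel}. 'PDF link annotation' marks URLs reached through a
    /URI action (what a PDF_URI-style heuristic keys on); 'In PDF document text'
    marks URLs found inside (inflated) content streams. Action URLs are recorded
    first so a URL present in both channels keeps the actionable label."""
    found = {}
    # Channel 1: /URI actions in the object bodies.
    for m in re.finditer(rb"/URI\s*\(([^)]*)\)", pdf):
        for url in URL_RE.findall(m.group(1)):
            found.setdefault(url.decode("latin-1"), "PDF link annotation")
    # Channel 2: content streams; inflate FlateDecode, else scan the raw bytes.
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", pdf, re.S):
        data = m.group(1)
        try:
            data = zlib.decompress(data)
        except zlib.error:
            pass  # uncompressed, or a filter this example does not handle
        for url in URL_RE.findall(data):
            found.setdefault(url.decode("latin-1"), "In PDF document text")
    return found


def analyse_sample() -> dict:
    """Build the constructed sample and classify its URLs (hostnames are made up)."""
    pdf = build_sample_pdf(
        b"https://link.example.invalid/lure.pdf",
        b"http://text.example.invalid/upload/files/sample.pdf",
    )
    return extract_urls(pdf)


if __name__ == "__main__":
    for url, channel in analyse_sample().items():
        print(f"{channel:22} {url}")
```

Scanning only the raw bytes would miss the text-channel URL here because it lives inside a compressed stream; that is why a URL sweep has to inflate streams before matching, and why the channel label matters when triaging: a /URI action is one click away from the user, while a URL in body text has to be copied or typed.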