Malicious PDF — malware analysis report

Static analysis result for SHA-256 8414222236fdc909…

Verdict: MALICIOUS
File type: PDF
Size: 59.3 KB
Created: 2021-03-18 23:02:51 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: af8d41e788781944db0da450af93bbc6
SHA-1: ba5662619d9ab97c645492209a303c3529d6291f
SHA-256: 8414222236fdc909c1952e5bbc5cb07cf57b753a3f962177ec064efcd08bb526
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by multiple heuristics, including ClamAV and an ML classifier. It contains an embedded URI pointing to a suspicious domain, which is likely used to host malicious content or redirect users to a phishing site. The document body, though heavily obfuscated, contains references to a 'name generator' and the wkhtmltopdf tool, suggesting a lure to disguise the malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8425

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • URL: https://jumiwimov.ru/strik?utm_term=wu+tang+clan+name+generator+reddit