PDF malware analysis — malicious · 85e46f88751aae2c

MALICIOUS

PDF

55.3 KB Created: 2021-08-01 13:57:48 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-24

MD5: 254795bd05dedc1f8410e3df48ea072e SHA-1: f18daae6ad2f592dd3eee5d7d7e4b643e8ea81f7 SHA-256: 85e46f88751aae2c1da584ef4d653ddfdb12d250d0b9effb477d3da6399af715

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The presence of embedded URLs, one of which is associated with a driver download lure, suggests a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URLs point towards a spearphishing attachment attack vector.

Machine Learning

Nyx PDF Classifier malicious score 0.6369

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://mimpiindah1.com/contents//files/18256321688.pdf In PDF document text
- https://lerong.vn/wp-content/plugins/super-forms/uploads/php/files/079cacb6946212fefe2cfd690ed99a6c/59246580916.pdfIn PDF document text
- https://purevdavaa.mn/uploads/ckfinder/files/344888236.pdfIn PDF document text
- https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/zMnd8XtcwSM/uplcv?utm_term=ralink_rt3290_bluetooth_01+driver+for+windows+8+free+downloadPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.