Malicious PDF — malware analysis report

Static analysis result for SHA-256 867873e46a93a8f2…

MALICIOUS

PDF

Size: 65.4 KB
Created: 2021-03-24 13:16:03 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-25
MD5: e792a2925d9fc363133596e222df044b
SHA-1: eb002da576a8b08271f06f22dc7339b5c85dd279
SHA-256: 867873e46a93a8f29dcedf5acacd9c269316fcfc83267abcbccc19d9c7ceb1ba
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5247

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://soxebez.ru/award?keyword=livre+d+orthographe+fran%25C3%25A7aise+pdf (PDF link annotation)
    • https://cdn.sqhk.co/wagomito/idhin7P/snes_emulator_chromebook_unblocked.pdf (in PDF document text)
    • https://cdn.sqhk.co/mekurapiw/ZXghicy/youtube_eagles_greatest_hits.pdf (in PDF document text)
    • https://cdn.sqhk.co/gerezowuves/b29d8jc/simcity_buildit_cheats_ipad_free.pdf (in PDF document text)
    • https://cdn.sqhk.co/movumatoz/ggNgjFZ/51982892719.pdf (in PDF document text)
    • https://cdn.sqhk.co/potasuregoz/1dhccgj/one_gold_bar_price.pdf (in PDF document text)
    • https://cdn.sqhk.co/moxelutedoje/2gy3jbm/bangla_art_film_2019.pdf (in PDF document text)
    • https://cdn.sqhk.co/lewoxiguj/uk6jgge/asteroid_definition_for_kid.pdf (in PDF document text)
    • https://cdn.sqhk.co/fufejapopunu/4xggdif/ridejekatozozak.pdf (in PDF document text)
    • https://cdn.sqhk.co/tovisegag/dbieNWj/vuriboduwurisezaguwini.pdf (in PDF document text)
    • https://cdn.sqhk.co/punipopi/hvFgggh/classic_hits_radio_usa.pdf (in PDF document text)
    • https://cdn.sqhk.co/visukodo/4hdBmNr/ultimate_horse_simulator_mod_apk_level.pdf (in PDF document text)
    • https://cdn.sqhk.co/derebeduno/7HLgUhd/98437314501.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/ae5f92ed-9d84-4703-bdd2-843a8d643685/39139346705.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/fe67fbf6-8d2b-493d-be73-03d897ccd126/65309331607.pdf (in PDF document text)
    • https://s3.amazonaws.com/padadutiseni/67742848035.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/036d49ae-2f16-4cf0-98b6-2f1eed157d3a/javunamuperojixitolasaw.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/51c0a5d4-e888-49bc-98e0-62499485f915/65216554656.pdf (in PDF document text)
    • https://s3.amazonaws.com/fekife/anemia_falciforme_sintomas_em_recem_nascidos.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/a8c2cbcf-ee88-4a87-aab7-731c6b2f4b8e/how_to_formulate_a_strategy_statement.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/ffa3cd11-50df-487a-9dd4-99ee227a485f/learn_calligraphy_margaret_shepherd_free_download.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/95f1f124-f33e-4102-824a-63eabede3d0e/dymo_labelwriter_4xl_not_printing_correctly_mac.pdf (in PDF document text)
    • https://s3.amazonaws.com/bipepezuwed/transunion_canada_credit_report_request_form.pdf (in PDF document text)
    • https://s3.amazonaws.com/dafumuxitupav/sefosep.pdf (in PDF document text)