PDF malware analysis — malicious · 878933acb21d051d

MALICIOUS

PDF

80.0 KB Created: 2021-08-10 07:21:26 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-05

MD5: fcdabae31dccce59411c6fd499d180a1 SHA-1: 7f0691d65c807a4db0cf5dc971373be2fe8edaaa SHA-256: 878933acb21d051dadb2d33c9e0ee7094b044e80df5dc7f51162a0ee45a8051e

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The presence of embedded URLs, one of which is confirmed benign but others are unknown, suggests a phishing or redirection attempt. The PDF structure and heuristic firings point towards a phishing attack, likely delivered as a spearphishing attachment.

Machine Learning

Nyx PDF Classifier malicious score 0.5454

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://bursakaynak.com/userfiles/file/jipak.pdf In PDF document text
- http://www.pethouse.es/ckfinder/userfiles/files/30892126304.pdfIn PDF document text
- https://chetanaus.org/bheru/uploadfiles/file/pumepexubo.pdfIn PDF document text
- https://www.financedeclined.com.au/wp-content/plugins/formcraft/file-upload/server/content/files/160b5c078b0138---lerodovasipavokilopIn PDF document text
- https://feedproxy.google.com/~r/Uplcv/~3/YTWXjIUwRh0/uplcv?utm_term=ba%C4%9F%C4%B1ml%C4%B1+de%C4%9Fi%C5%9Fken+ba%C4%9F%C4%B1ms%C4%B1z+de%C4%9Fi%C5%9Fken+sorular%C4%B1PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.