Malicious PDF — malware analysis report

Static analysis result for SHA-256 8b0db034e3ddadc8…

MALICIOUS

PDF

Size: 78.9 KB
Created: 2021-04-02 02:43:49 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 40d5f73093bd17f10d395630e1e9ae3e
SHA-1: 09b0fb58d2b747b55c42d07d5d88632cce58161a
SHA-256: 8b0db034e3ddadc8ae33bec676bdeae1646c1fc8c3de03cd5c9b12fd1365a9a7
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file is identified as malicious by ClamAV and an ML classifier. It employs a common phishing tactic, presenting itself as an image-only document with a clickable action, typical of a screenshot lure. The embedded URL, https://bologen.ru/123?utm_term=amendment+11+florida+prison+reform, is the primary indicator of malicious intent, likely directing users to a phishing or malware distribution site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5052

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 78 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://bologen.ru/123?utm_term=amendment+11+florida+prison+reform