Malicious PDF — malware analysis report

Static analysis result for SHA-256 8d5f7ae146a78a65…

Verdict: MALICIOUS
File type: PDF

Size: 51.7 KB
Created: 2021-03-13 23:22:45 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 219572aae78a12dcf91715edf9e3686e
SHA-1: 17cd26ef24180af993fa2af76e0a50ab1e24e8d8
SHA-256: 8d5f7ae146a78a657465fed6d2365d7f5748f6cfbf39c53b276d59bf9c534d98
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by ML classifiers and ClamAV, specifically identified as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, likely intended to trick the user into downloading a further malicious payload. The document body is heavily obfuscated and unreadable, but the presence of external links and the malware detection strongly suggest a phishing or downloader attack pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7977

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.