Malicious PDF — malware analysis report

Static analysis result for SHA-256 9109e78212558afe…

MALICIOUS

PDF

44.2 KB Created: 2021-08-01 15:52:09 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-11-21
MD5: 05eca90ae7cc754debd3d1f2e25243b4 SHA-1: 2accf2b0a70eec3d234aefcdfb563664cc47d56e SHA-256: 9109e78212558afe5ef4a0fdece81ecc7112f1b2780d350ecb935cd98e3a832d
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1203 Exploitation for Client Execution

The file was detected by ClamAV as Pdf.Phishing.Trojan, indicating a malicious intent to phish or deliver a payload. The presence of an external URI, although marked as confirmed benign, suggests an attempt to redirect the user. The PDF structure and the ClamAV detection strongly suggest it's being used as a malicious attachment in a phishing campaign.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3624

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://feedproxy.google.com/~r/skout/mBVl/~3/PmAiG5ZyT-k/uplcv?utm_term=george+altirs+net+worth+2020 PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.