Malicious PDF — malware analysis report

Static analysis result for SHA-256 93a50d428d25a0ce…

Verdict: MALICIOUS
File type: PDF
Size: 51.2 KB
Created: 2021-02-27 05:45:39 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-12
MD5: a48ef0cb1f117d6b713a3522e49e122b
SHA-1: c09fb9eb851b96036fb1a2e7f0a01c46eb861574
SHA-256: 93a50d428d25a0ced3ebef11ab4e382dbb6944c8911920af5706b6faa908b6d5
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by multiple heuristics and a machine learning classifier. It contains an embedded URI pointing to a suspicious domain, which is likely part of a phishing or scam attempt. The document body, though heavily obfuscated, suggests a lure related to product specifications. No scripts were extracted, but the presence of external URIs indicates an attempt to redirect the user to malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7590

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://jumiwimov.ru/award?keyword=samsung+js8500+specs (in PDF link annotation)