Malicious PDF — malware analysis report

Static analysis result for SHA-256 9541eaf005497b6d…

MALICIOUS

PDF

79.0 KB Created: 2021-08-26 02:50:52 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-11-02
MD5: ce69097dc57331d6c49a1f62e70edc24 SHA-1: b478b989d148d05d321b61ca34ce762420fb2ab3 SHA-256: 9541eaf005497b6d4a578a6a317a9283d0249a7404b764d8c4530b492b4eb8bf
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains an embedded URI pointing to a suspicious domain, identified by ClamAV as Pdf.Phishing.Trojan. The ML classifier also flagged the PDF as malicious. While no scripts were extracted, the presence of the malicious URL strongly suggests a phishing attempt to redirect the user to a harmful site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6016

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://pixomot.ru/uplcv?utm_term=verse+about+worshipping+the+lord PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.