Malicious PDF — malware analysis report

Static analysis result for SHA-256 95c0a925d212d770…

MALICIOUS

PDF

Size: 59.9 KB
Created: 2021-03-22 04:18:53 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: fe97a9d9c9694feb6dd60dbbde0fd235
SHA-1: 34f98e5a94cc925ab7d734c6a76d2fe88167ae7d
SHA-256: 95c0a925d212d770addc2e2f0ac7c4cff35447e996a06c51aac8482932c55aa0
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains multiple embedded URLs; one of them is framed as a search result for a specific book title. Both ClamAV and the ML classifier flagged the file as malicious, which points to a phishing or malware-distribution attempt. The embedded URL actions indicate that the document's purpose is to redirect the reader to a potentially harmful external site.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.7016

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/award?keyword=brott+och+straff+dostojevskij+pdf
    • http://boxidodo.22web.org/dd_tomb_of_annihilation_miniatures.pdf
    • https://cdn.sqhk.co/dijabidasu/TT8fngg/super_dancer_3_episode_17.pdf
    • http://wubesababo.iblogger.org/geronimo_stilton_reading_age.pdf
    • https://cdn-cms.f-static.net/uploads/4374178/normal_6042058adc4ca.pdf
    • http://bawikivogo.22web.org/19840465272.pdf
    • https://cdn.sqhk.co/suxumeva/FPJjc1h/vocabulary_builder_test_prep.pdf
    • https://cdn-cms.f-static.net/uploads/4498702/normal_604aab24d112d.pdf
    • https://cdn.sqhk.co/mowukirew/eiap6jf/guvezoxadubujawowutof.pdf
    • https://static.s123-cdn-static.com/uploads/4413119/normal_5fe1407098132.pdf
    • https://cdn-cms.f-static.net/uploads/4393186/normal_601a728818019.pdf
    • https://cdn.sqhk.co/nijodujex/jjheiaJ/ubqari_risala_july_2018.pdf
    • https://cdn.sqhk.co/zikufivol/ghhiLiC/police_officer_jobs_hiring_now.pdf
    • http://sibivelemeruzu.iblogger.org/cheap_baby_girl_clothes_0-3_months.pdf
    • http://levowemorunob.epizy.com/ansys_maxwell_64_bit_free.pdf
    • http://zasegusof.epizy.com/zujimebizazas.pdf
    • http://nupenujopufidi.epizy.com/antecedentes_judiciales_certificado.pdf
    • https://uploads.strikinglycdn.com/files/afcf17c2-3cea-49f7-ad71-06eb50a403ab/what_are_the_best_things_at_taco_bell.pdf
    • https://uploads.strikinglycdn.com/files/d8d3e0e8-f11f-4915-a3ac-b2af976cc7cc/luzinaredifibavamivowiwi.pdf