PDF malware analysis — malicious · 96ce47c150ee26cc

MALICIOUS

PDF

41.7 KB Created: 2021-09-23 07:05:15 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-26

MD5: cfcb9de2252f022be71dce8588745ecd SHA-1: 17a7bcdd7aa8e534067b05112198f3a043140d79 SHA-256: 96ce47c150ee26ccf4bded1ab0252ed4db456540f6f9ecd96319fc6256bec7e9

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is a PDF that contains embedded URLs, one of which points to a PDF file hosted on a suspicious domain. ClamAV detected this file as a phishing trojan, and ML classifiers also flagged it as malicious. The presence of these indicators suggests the document is part of a phishing campaign designed to trick users into downloading further malware.

Machine Learning

Nyx PDF Classifier malicious score 0.5388

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://cameronhaddock.com/wp-content/plugins/formcraft/file-upload/server/content/files/1614032a2c931b---38200537540.pdf In PDF document text
- https://ntiverification.com/userfiles/file/tusobenonekemIn PDF document text
- https://feedproxy.google.com/~r/skout/mBVl/~3/zMnd8XtcwSM/uplcv?utm_term=download+hack+bowmastersPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.