Malicious PDF — malware analysis report

Static analysis result for SHA-256 975ef2764c6cd675…

Verdict: MALICIOUS
File type: PDF
Size: 40.7 KB
Created: 2021-04-20 20:54:02 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: cd200cceb70d31bee7822d27b69d7bd0
SHA-1: 86ea301ad5ff058a2706288efc0c8d5472bfed74
SHA-256: 975ef2764c6cd675859dea943697e4bb66ce70c99be1acfb506c4e70adc61371
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file is identified as a phishing lure due to its image-only content and a clickable action that redirects to an external URL. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded URL likely leads to a phishing page designed to deceive the user.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8524

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 40 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://lozipotod.ru/strik?utm_term=sopa+de+letras+para+ni%25C3%25B1os+de+quinto+grado+de+primaria+para+imprimir