Malicious PDF — malware analysis report

Static analysis result for SHA-256 976fdca74af1c4fb…

MALICIOUS

PDF

Size: 66.1 KB
Created: 2021-05-01 18:47:52 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: bb935518fff6c9fc56cb5edab2990327
SHA-1: 2a687f1e7f6410be3456a63cb5d73db819543bf1
SHA-256: 976fdca74af1c4fb3c7a81007f1fbc145f2ec4543db7d779d5784bcfecebce03
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

ClamAV identifies the file as malicious with the signature Pdf.Phishing.Trojan. It contains an embedded URL pointing to bologen.ru whose utm_term parameter ("how to address a letter of recommendation envelope") matches the lure: the document body, though heavily obfuscated, is built around addressing an envelope, a common pretext for phishing campaigns. The remaining extracted URLs point to similarly named PDF files on free-hosting and shared-storage domains (22web.org, iblogger.org, rf.gd, epizy.com, cdn.sqhk.co, s3.amazonaws.com, filesusr.com); treat them as indicators at the full-URL level rather than blocking the shared hosts.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3474

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://bologen.ru/strik?utm_term=how+to+address+a+letter+of+recommendation+envelope
    • http://wupozigujoruzar.22web.org/pneumonia_pediatria_2020.pdf
    • https://cdn.sqhk.co/gufojakig/fWhg6jJ/62500085425.pdf
    • http://jiwafuwik.22web.org/digital_marketing_meaning.pdf
    • http://mobivegu.22web.org/acid_catalyzed_aldol_condensation.pdf
    • http://sugamipilafo.iblogger.org/activinspire_tutorial.pdf
    • https://cdn.sqhk.co/lusoxepero/S3Xhdhc/93482563388.pdf
    • https://cdn.sqhk.co/tosemixuru/c6ehi1c/download_game_forged_fantasy_offline.pdf
    • http://diranujuwi.iblogger.org/alejandro_jodorowsky_libros_gratis.pdf
    • https://cdn.sqhk.co/bamosabubesi/jczjibe/dune_2000_remastered_in_2020_download.pdf
    • http://fegekeketed.22web.org/absite_surgery_free.pdf
    • http://xivoxuvawet.iblogger.org/writing_better_lyrics_ebook.pdf
    • https://cdn.sqhk.co/zupuguvawaj/jgfgjlf/irs_refund_information_guidelines.pdf
    • https://s3.amazonaws.com/kesumasaka/father_john_riccardo_christ_is_the_answer.pdf
    • https://d75bbb92-b0e4-4b50-83e6-2443e695523b.filesusr.com/ugd/bc73b9_fcfa19cd28444dbcb305b31162d59b5a.pdf?index=true
    • https://s3.amazonaws.com/boxujetanonikuv/romeo_julieta_short_churchill_review.pdf
    • https://s3.amazonaws.com/zulezov/brandt-_daroff_exercises_for_bppv.pdf
    • https://s3.amazonaws.com/fidefofudi/asme_b31._3_2018_free.pdf
    • https://s3.amazonaws.com/gavexilatuvitaz/browserify_transform_babelify_presets.pdf
    • http://pawubiba.epizy.com/58846679084.pdf
    • http://kobelitorapojop.rf.gd/totuselop.pdf
    • https://39c10a3a-92c6-412a-a1bb-b8a1fc48fbc4.filesusr.com/ugd/259099_f210ac76225943b7a24299d0baa42eac.pdf?index=true
    • https://a0a5ada1-270c-452f-b092-d943fc6f0dc0.filesusr.com/ugd/306762_6e39750bae264ad08943f933d424e3b0.pdf?index=true
    • http://pibowaloboko.rf.gd/malayalam_love_album_audio_songs.pdf
    • http://xifuwezu.epizy.com/division_worksheets_grade_4_common_core.pdf
    • http://weromewu.rf.gd/nutrition_in_pregnancy_quizlet.pdf
    • http://xugejaf.rf.gd/editable_world_map_powerpoint_template.pdf
    • https://b7eb3c74-9f10-4efd-a612-efb7ea03662f.filesusr.com/ugd/7198c1_36244b6e1d2f4a859e12a3a75ce58ecf.pdf?index=true
    • https://02796127-04ec-4c85-b270-c6f7310ebb18.filesusr.com/ugd/ce0e6d_bcd83ff3bd8a4a0ea7a94bd994a0ac03.pdf?index=true
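The PDF_URI and EMBEDDED_URL heuristics above come down to two checks: find /URI link actions in the object dictionaries, and find bare URLs in the (possibly FlateDecode-compressed) streams. The following Python script is an added example of that triage, not the scanner that produced this report; it builds a constructed sample PDF (hosts under example.invalid, not the indicators listed above) with one /Link annotation and one compressed content stream, then hashes the file, extracts /URI actions from literal and hex strings, inflates streams by keyword rather than through the xref table (malicious PDFs frequently ship a broken one), and returns the URLs and hosts it found.

```python
"""Static triage of a PDF for external URLs: hashes, /URI link actions and
bare URLs inside decoded streams. Added example; the sample PDF is constructed
below and is not the file analysed in the report."""
import hashlib
import re
import zlib
from urllib.parse import urlparse

LITERAL_URI = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)  # /URI (literal)
HEX_URI = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")                # /URI <hex>
BARE_URL = re.compile(rb"https?://[^\s<>()\"']+")
ESCAPES = {ord("n"): 10, ord("r"): 13, ord("t"): 9, ord("b"): 8, ord("f"): 12}


def build_sample_pdf() -> bytes:
    """Constructed sample (assumed hosts, not the report's IOCs): one /Link
    annotation with a /URI action plus a FlateDecode content stream carrying a
    second URL. No xref table on purpose: the scanner must not depend on one."""
    text = b"BT /F1 12 Tf 72 680 Td (Download: http://example.invalid/page.pdf) Tj ET"
    packed = zlib.compress(text)
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 5 0 R /Annots [4 0 R] >>",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 400 712] "
        b"/A << /S /URI /URI (https://example.invalid/strik?utm_term=how+to+address+an+envelope) >> >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed) + packed + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for num, body in enumerate(objects, 1):
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def unescape_literal(raw: bytes) -> bytes:
    r"""Decode a PDF literal string body: \( \) \\ the \n family, octal \ddd
    and backslash-newline continuations."""
    out, i = bytearray(), 0
    while i < len(raw):
        c = raw[i]
        i += 1
        if c != 0x5C:                       # not a backslash: copy through
            out.append(c)
            continue
        if i >= len(raw):
            break
        e = raw[i]
        i += 1
        if e in ESCAPES:
            out.append(ESCAPES[e])
        elif 0x30 <= e <= 0x37:             # octal escape, up to three digits
            digits = chr(e)
            while i < len(raw) and len(digits) < 3 and 0x30 <= raw[i] <= 0x37:
                digits += chr(raw[i])
                i += 1
            out.append(int(digits, 8) & 0xFF)
        elif e in (0x0A, 0x0D):             # line continuation: drop it
            continue
        else:                               # \( \) \\ or unknown escape: literal char
            out.append(e)
    return bytes(out)


def decoded_streams(data: bytes):
    """Yield the bytes of every stream, inflating FlateDecode ones. Streams are
    located by the stream/endstream keywords, not via the xref table."""
    for m in re.finditer(rb"(?<!end)stream\r?\n", data):
        end = data.find(b"endstream", m.end())
        if end < 0:
            return
        dict_text = data[data.rfind(b" obj", 0, m.start()):m.start()]
        raw = data[m.end():end]
        if b"/FlateDecode" not in dict_text:
            yield raw
            continue
        try:
            yield zlib.decompressobj().decompress(raw)   # tolerates trailing EOL bytes
        except zlib.error:
            continue                        # corrupt or multi-filter stream: skip


def extract_uri_actions(data: bytes) -> list:
    """Return the target of every /URI key, from literal and hex strings."""
    found = [unescape_literal(m.group(1)).decode("latin-1") for m in LITERAL_URI.finditer(data)]
    for m in HEX_URI.finditer(data):
        hexdigits = re.sub(rb"\s", b"", m.group(1))
        if len(hexdigits) % 2:
            hexdigits += b"0"               # PDF pads an odd trailing hex digit with 0
        found.append(bytes.fromhex(hexdigits.decode()).decode("latin-1"))
    return list(dict.fromkeys(found))


def triage(data: bytes) -> dict:
    """Hashes, /URI actions (raw file plus decoded streams) and bare URLs."""
    blobs = [data] + list(decoded_streams(data))
    uris, bare = [], []
    for blob in blobs:
        uris += extract_uri_actions(blob)
        bare += [u.decode("latin-1") for u in BARE_URL.findall(blob)]
    uris = list(dict.fromkeys(uris))
    bare = [u for u in dict.fromkeys(bare) if u not in uris]
    hosts = sorted({h for h in (urlparse(u).hostname for u in uris + bare) if h})
    return {
        "hashes": {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")},
        "uri_actions": uris,
        "bare_urls": bare,
        "hosts": hosts,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_pdf()), indent=2))
```

Run it on a real sample with `triage(open(path, "rb").read())`. The split between uri_actions and bare_urls mirrors the report's per-URL channel labels: a /URI action fires when the reader clicks the annotation, while a bare URL in a content stream is only text the victim has to copy, so the two deserve different weights in a verdict.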