Malicious PDF — malware analysis report

Static analysis result for SHA-256 99d65419c6dc68de…

Verdict: MALICIOUS
File type: PDF

Size: 54.5 KB
Created: 2021-02-25 18:30:02 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-16
MD5: de331b9bb4532314e615123c0e8d8095
SHA-1: 2ed5b56e953994a402b778948879821d4065addd
SHA-256: 99d65419c6dc68de3629d00b27f91ff900885429bc1d6085eb560c70782f942a
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF containing an embedded URL that leads to a suspicious domain, identified as malicious by ClamAV and an ML classifier. The document body, though heavily obfuscated, contains keywords related to product listings, suggesting a phishing lure. No scripts were extracted, but the presence of an external URI and the overall detection profile strongly indicate a phishing attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9577

Heuristics (3)

  • ClamAV (critical, CLAMAV_DETECTION): Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
    ClamAV detected this file as malware under the signature above.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://leonvi.ru/award?keyword=samsung+scs-2u01+power+supply (PDF link annotation)