Malicious PDF — malware analysis report

Static analysis result for SHA-256 9b418d654a347d54…

MALICIOUS

PDF

Size: 54.5 KB
Created: 2021-03-11 16:51:27 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-24
MD5: 472d80cbbcb5cdf307c500caf3f3541f
SHA-1: 110766830ac19eeeba99d4bd94d364af20227600
SHA-256: 9b418d654a347d54bf0aa13a89b068e478e05bc4266d47abc98300db3bc13cfd
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5927

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://baarspo.ru/award?keyword=biology+notes+12th+class+pdf PDF link annotation