Malicious PDF — malware analysis report

Static analysis result for SHA-256 9c19d52bee2c8f09…

MALICIOUS

PDF

Size: 47.6 KB
Created: 2021-03-24 02:22:14 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-25
MD5: 113908c075aa5b1e1485beb8c6a9d3c4
SHA-1: 3a0ad5cffb5105003a687deb6e6437d93b997a35
SHA-256: 9c19d52bee2c8f09dabf912b209ed6621f43788a813d783f89be4fccc7e0301f
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8572

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI [info, PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://midufefew.ru/award?keyword=canon+70d+manual+portugues+pdf PDF link annotation