Malicious PDF — malware analysis report

Static analysis result for SHA-256 9cf66fbca06abe5e…

Verdict: MALICIOUS
File type: PDF
Size: 65.4 KB
Created: 2021-04-02 14:35:37 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 001d2bb95b128dc2dc8af56f668b5693
SHA-1: d3b69c1e399dc05c5170071e759a55ffd6d0eea4
SHA-256: 9cf66fbca06abe5e638720d2d12f76b9494461259cbe7bcd03b03db3cb5d639d
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains embedded URLs, one of which is flagged as malicious. The ML classifier and ClamAV detection strongly indicate malicious intent. The document body, though heavily obfuscated, suggests a lure related to 'smart action plan template pdf'. The presence of embedded JavaScript, as indicated by the PDF_URI heuristic, suggests the potential for further malicious actions like downloading additional payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6428

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://resalured.ru/award?keyword=smart+action+plan+template+pdf