Malicious PDF — malware analysis report

Static analysis result for SHA-256 9d7b51c74887c19f…

MALICIOUS

PDF

66.4 KB Created: 2021-09-04 01:51:16 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-01
MD5: 47a7cb66210252564c8f08a3ab84cdc4 SHA-1: 49b07e4771348fd328e995f36ef1bd73a8f084c1 SHA-256: 9d7b51c74887c19fb67b17f5e8392e6c38debc2fe82210e4ee15818aa42ab629
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6657

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://www.ibyservice.com/wp-content/plugins/super-forms/uploads/php/files/fff1af9ee4359aac7519e3ed3ca01293/dofawonapojisijonuvorexow.pdf In PDF document text
    • https://www.siemers-deutschmann.de/wp-content/plugins/super-forms/uploads/php/files/8luvf0grk2a799bh1cnu4m7los/lisepupox.pdfIn PDF document text
    • https://almuhja.ps/ckfinder/userfiles/files/73186686987.pdfIn PDF document text
    • https://www.kiteschule-kieIn PDF document text
    • https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/S30rS-6n6vg/uplcv?utm_term=forbes+marshall+control+valve+manualPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.