Malicious PDF — malware analysis report

Static analysis result for SHA-256 9fd25e1dcaeb8fad…

MALICIOUS

PDF

  • Size: 49.6 KB
  • Created: 2020-12-16 05:58:51 +02:00
  • Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
  • MD5: f420a1bfb57e3200fab545c5ac239050
  • SHA-1: a7902aea12680f47a970f5bcc642ec4579ce818e
  • SHA-256: 9fd25e1dcaeb8fada0471436a42343cfe92d235af8e6d7961c22f12acdcc9782
  • Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URI pointing to a suspicious URL. ClamAV and an ML classifier also flagged this file as malicious, specifically as a phishing trojan. The document body, though heavily obfuscated, appears to be related to educational content, likely a lure to encourage clicks on the malicious link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5414

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://traffnew.ru/strik?utm_term=four+types+of+sentences+worksheet+6th+grade