Malicious PDF — malware analysis report

Static analysis result for SHA-256 a0b628eacccb2044…

MALICIOUS

PDF

Size: 49.6 KB
Created: 2020-12-15 05:06:05 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 4e47c162417849e8db70222d9f9060f4
SHA-1: 35c028ee33cf2833f594517e58a3211840ef2493
SHA-256: a0b628eacccb2044ab1fa123bcdb3e6e0f741e8e08839d8c31630d76d731f86f
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was detected as malicious by ClamAV and an ML classifier. It contains an embedded URI pointing to 'traffset.ru', which is likely a phishing or malware distribution domain. The document body, though heavily obfuscated, suggests a lure related to software development tools, aiming to trick users into visiting the malicious URL.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6779

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://traffset.ru/aws?utm_term=devexpress+xtrareport+datasource+dataset