Malicious PDF — malware analysis report

Static analysis result for SHA-256 a1dc51846d81cbf1…

Verdict: MALICIOUS
File type: PDF
Size: 70.9 KB
Created: 2021-03-03 15:42:05 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-18
MD5: ccc4012954ab7d5d1805c9b32506bb7c
SHA-1: 40be50b49d7a164b8429151f3b53c3f4370f51c7
SHA-256: a1dc51846d81cbf18687f6d46ff7f64701a58e2e2366dabc12bb0ca5bc289552
Risk score: 94

Malware Insights

MITRE ATT&CK

  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

This PDF document was flagged as malicious by a ClamAV signature and by the Nyx ML classifier (malicious score 0.9189). The document carries a link annotation whose /URI action points to an external, attacker-controlled URL, and its body text contains further URLs; all of them are listed under Heuristics below. Only three heuristics fired (ClamAV, external URI action, embedded URLs); the report contains no JavaScript or embedded-file finding, so the mapped T1059.007 technique is not corroborated by a heuristic in this analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9189

Heuristics (3)

  • ClamAV detection critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    The PDF contains an external URL action (a /URI action, here attached to a link annotation; see the first URL below).
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; the label on each entry gives the channel (macro, JavaScript, link annotation, document text, ...) through which the document reaches it.
    • https://xezojetit.ru/award?keyword=how+to+install+a+new+dryer+outlet (PDF link annotation)
    • http://bomepufibawil.scienceontheweb.net/hp_deskjet_2544_scan_to_computer.pdf (PDF document text)
    • https://cdn.sqhk.co/pirujezexod/ygiggYG/66485574264.pdf (PDF document text)
    • http://gisoboxizaza.mygamesonline.org/wowikumu.pdf (PDF document text)
    • https://cdn.sqhk.co/sarowojep/Ygfejif/73618538622.pdf (PDF document text)
    • https://cdn.sqhk.co/xaduwudixum/jgZI6hh/scratch_platformer_physics.pdf (PDF document text)
    • https://static.s123-cdn-static.com/uploads/4460055/normal_5fdf9db8b37fc.pdf (PDF document text)
    • https://cdn.sqhk.co/lojosewude/Zejggfk/lumoxagotirufizuvapagufa.pdf (PDF document text)
    • https://cdn.sqhk.co/bijozugetav/jihggsZ/lotuv.pdf (PDF document text)
    • https://cdn-cms.f-static.net/uploads/4484636/normal_5fe75999e5a30.pdf (PDF document text)
    • https://static.s123-cdn-static.com/uploads/4479917/normal_5ff412c621be1.pdf (PDF document text)
    • https://cdn.sqhk.co/laruxibut/iifjhig/insta_followers_gainer_app.pdf (PDF document text)
    • http://tuligofabuwisa.22web.org/the_love_dare_full_movie.pdf (PDF document text)
    • https://cdn.sqhk.co/zetanitanedo/Jja0iT6/rudebukepujefu.pdf (PDF document text)
    • https://cdn.sqhk.co/xibetevoxaj/duggzhv/3ds_max_compute_mixdown.pdf (PDF document text)
    • http://www.ascendercorp.com/ (PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (PDF document text)
    • http://ribigilubawedom.rf.gd/business_mission_statement_worksheet.pdf (PDF document text)
    • http://scripts.sil.org/OFL (PDF document text)
    Triage note: the www.ascendercorp.com and scripts.sil.org/OFL entries are the kind of licence strings that embedded fonts carry in their metadata (this file embeds two sfnt fonts, listed under Extracted artifacts) and are very likely not part of the lure. The link annotation target and the .pdf download URLs found in the document text are the indicators to act on.
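The two URL channels the heuristics above distinguish (a /URI action on a link annotation versus a URL written in document text) can be separated with a few lines of parsing. The following Python is an added example for this report, not the analysis platform's own extractor: it runs on a constructed PDF skeleton (the `SAMPLE_PDF` fixture and its `example.invalid` hosts are invented), handles only literal-string /URI values (hex strings, escapes and compressed object streams are out of scope), and uses an assumed allow-list of font-licence hosts to separate noise from lure URLs.

```python
import re
from urllib.parse import urlparse

# Constructed fixture, not the analysed sample: a minimal PDF skeleton with one
# /Link annotation carrying a /URI action, and a content stream whose text holds
# a second URL plus a font-licence URL of the kind embedded fonts carry in their
# metadata. Stream lengths are omitted; this is extractor input, not a viewable file.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 5 0 R >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720]
   /A << /S /URI /URI (https://lure.example.invalid/award?keyword=test) >> >> endobj
5 0 obj << >>
stream
BT /F1 12 Tf 72 650 Td (Download: http://cdn.example.invalid/file.pdf) Tj ET
BT /F1 8 Tf 72 600 Td (Licence: http://scripts.sil.org/OFL) Tj ET
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# /URI action: the channel a link annotation (or OpenAction) uses to open a URL.
# Literal-string form only; hex strings (<...>) are not handled here.
URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")
# URLs written in document text; stop before ')' so a Tj string's closing paren
# is not swallowed into the URL.
TEXT_URL = re.compile(rb"https?://[^\s()<>\[\]]+")
# Hosts that show up in embedded-font licence strings rather than in the lure.
# Assumed allow-list for this example; extend it from your own corpus.
FONT_LICENCE_HOSTS = {"scripts.sil.org", "www.ascendercorp.com"}


def extract_urls(pdf: bytes) -> list[dict]:
    """Return each URL once, tagged with the channel that reached it."""
    found, seen = [], set()
    for m in URI_ACTION.finditer(pdf):            # channel 1: URI actions
        url = m.group(1).decode("latin-1")
        if url not in seen:
            seen.add(url)
            found.append({"url": url, "channel": "uri-action"})
    for m in TEXT_URL.finditer(pdf):              # channel 2: document text
        url = m.group(0).decode("latin-1")
        if url not in seen:
            seen.add(url)
            found.append({"url": url, "channel": "document-text"})
    for entry in found:
        host = urlparse(entry["url"]).hostname or ""
        entry["font_licence"] = host in FONT_LICENCE_HOSTS
    return found


def actionable_urls(pdf: bytes) -> list[str]:
    """URLs worth triaging: everything except the known font-licence hosts."""
    return [e["url"] for e in extract_urls(pdf) if not e["font_licence"]]


if __name__ == "__main__":
    for e in extract_urls(SAMPLE_PDF):
        tag = "font-licence" if e["font_licence"] else "triage"
        print(f"{e['channel']:<14} {tag:<13} {e['url']}")
```

The URI-action pass runs first so that a URL reachable by a click is reported under that channel even if the same string also appears as visible text; a URL that only appears in text needs the reader to retype or copy it, which is a weaker delivery path and worth recording separately.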

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size | SHA-256
font_00_sfnt_off0000e76a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE76A | 4972 bytes | fafabb0d4bf1b6d42c441d10e8fb750b913877718326cce719735a41842c0098
font_01_sfnt_off0000f868.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF868 | 4600 bytes | d858ad49634e9f6731f35d2c21d2d20f3fa485d55034b7044852e47330cb6bf9
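The carving step behind the table above can be reproduced in a few lines: walk the stream objects, slice each body by its direct /Length value, inflate /FlateDecode streams, and keep those whose first four bytes are an sfnt tag (TrueType 0x00010000, `true`, `OTTO`, `ttcf`). The Python below is an added example for this report, not the analysis platform's own carver: the `SAMPLE_PDF` fixture and its fake font are constructed, indirect /Length references and filters other than FlateDecode are skipped, and the reported offset is that of the raw stream body in the file.

```python
import hashlib
import re
import zlib

# Constructed PDF fragment, not the analysed sample. Object 7 is a non-font
# stream the carver must skip; object 8 is a fake TrueType (sfnt) font stored
# with /FlateDecode, the way wkhtmltopdf and most producers embed fonts.
FAKE_TTF = b"\x00\x01\x00\x00" + b"\x00\x04" + b"\x00" * 20 + b"TTFDATA"  # sfnt magic + fake table dir
COMPRESSED = zlib.compress(FAKE_TTF)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"7 0 obj\n<< /Length 8 >>\nstream\nnot-font\nendstream\nendobj\n"
    b"8 0 obj\n<< /Length " + str(len(COMPRESSED)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + COMPRESSED + b"\nendstream\nendobj\n"
    b"%%EOF\n"
)

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf")
# Stream dictionary immediately followed by the 'stream' keyword and its EOL.
STREAM_HDR = re.compile(rb"<<(.*?)>>\s*stream\r?\n", re.DOTALL)
# Direct integer /Length only; '/Length 12 0 R' (indirect) is rejected.
LENGTH = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")


def carve_sfnt_streams(pdf: bytes) -> list[dict]:
    """One record per stream whose decoded body starts with an sfnt magic.

    offset: file offset of the raw stream body (the report's 'at offset' column).
    size / sha256: computed over the decoded body, i.e. the font file itself.
    """
    out = []
    for m in STREAM_HDR.finditer(pdf):
        dictionary, start = m.group(1), m.end()
        length = LENGTH.search(dictionary)
        if not length:
            continue                      # indirect or missing /Length: skipped here
        raw = pdf[start:start + int(length.group(1))]
        try:
            body = zlib.decompress(raw) if b"/FlateDecode" in dictionary else raw
        except zlib.error:
            continue                      # corrupt or mis-declared stream
        if body[:4] in SFNT_MAGICS:
            out.append({"offset": start, "size": len(body),
                        "sha256": hashlib.sha256(body).hexdigest(), "data": body})
    return out


def artifact_names(pdf: bytes) -> list[str]:
    """Filenames in the report's convention: font_<n>_sfnt_off<hex offset>.bin."""
    return [f"font_{i:02d}_sfnt_off{a['offset']:08x}.bin"
            for i, a in enumerate(carve_sfnt_streams(pdf))]


if __name__ == "__main__":
    for name, a in zip(artifact_names(SAMPLE_PDF), carve_sfnt_streams(SAMPLE_PDF)):
        print(f"{name}  {a['size']} bytes  sha256={a['sha256']}")
```

Slicing by /Length rather than searching for the `endstream` keyword matters for binary bodies: compressed font data can legitimately end in a carriage return or contain the keyword's bytes, and a keyword search would then truncate or over-read the artifact and change its hash.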