PDF malware analysis — malicious · a3c190cf98593c2f

MALICIOUS

PDF

45.3 KB Created: 2021-09-04 10:12:25 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-27

MD5: 082538b79fb532067dfa00d18da3df1e SHA-1: ed0a6604f8064b0e54c61ea0355928dc0c6be082 SHA-256: a3c190cf98593c2fece5a58b6c75aee991933d4df089ce04289d7fb4e0d1b3d3

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file was detected by ClamAV as Pdf.Phishing.Trojan, indicating a phishing or trojan distribution intent. It contains multiple embedded URLs, one of which is confirmed benign, but others are unknown and could lead to malicious content. The PDF structure and embedded URIs suggest it's designed to trick users into visiting potentially harmful websites.

Machine Learning

Nyx PDF Classifier suspicious score 0.3595

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://apoiotelecom.com/imagens/img_fckeditor/file/59426337140.pdf In PDF document text
- https://arihantgranites.in/wp-content/plugins/super-forms/uploads/php/files/fkk3qk5jih0nl7bovvh8t64em7/wavetilotaviwovot.pdfIn PDF document text
- https://alianzatours.com/imagenes/file/48928528259.pdfIn PDF document text
- http://aylabawadi.ae/userfiles/file/47864177385.pdfIn PDF document text
- https://feedproxy.google.com/~r/skout/mBVl/~3/6naE_Nh8_CY/uplcv?utm_term=synopsis+on+education+topics+pdfPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.