Malicious PDF — malware analysis report

Static analysis result for SHA-256 a4340718ca448287…

MALICIOUS

PDF

Size: 67.0 KB
Created: 2021-05-14 15:08:06 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: bc78c77616ba469ad2b4bf71a59b361f
SHA-1: 532e3bbe2c31a08e0fcfd8142bce42abf9e370b4
SHA-256: a4340718ca44828724dcb1c72138c13929c8ac0612f4a5cce09f412dd57bd070
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI action pointing to a suspicious URL, suggesting it is designed to redirect users to a phishing or malware distribution site. The document body is heavily obfuscated; the creation metadata it carries (authoring application, timestamp) is consistent with an automatically generated file and does not weaken the malicious indicators.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9836

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f378.bin
SHA-256: 86752037011e74facdf1388f7700134d2610ce406f3b4e7fe7409a30dfed37ec
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xF378
Size: 5056 bytes