PDF malware analysis — malicious · a5c16c2b80c1d8e1

MALICIOUS

PDF

43.8 KB Created: 2021-09-06 17:23:38 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-09-29

MD5: 27854851cfb1af420543ee9051fedf02 SHA-1: ccb527dea4a665d7dce3018338bcb8f4d334d2a3 SHA-256: a5c16c2b80c1d8e10db9004a898f2ebad07b57e07b5a65664ed2601eb7f86e4a

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, specifically as a phishing trojan. It contains an embedded URI pointing to a URL that mimics a search result, likely intended to trick the user into visiting a malicious site. No scripts were extracted, but the presence of external URIs and the nature of the detection suggest a phishing or credential harvesting attempt.

Machine Learning

Nyx PDF Classifier malicious score 0.5048

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://cructi.ru/uplcv?utm_term=taipei+subway+map+pdf PDF link annotation
- http://ziepniekkalns.lv/wp-content/plugins/formcraft/file-upload/server/content/files/160c4f9a7b3a9a---91355543508.pdfIn PDF document text
- https://theshairpodcast.com/wp-content/plugins/super-forms/uploads/php/files/410c6e8cea7371b4673f91313e26abc9/17338345407In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.