Malicious PDF — malware analysis report

Static analysis result for SHA-256 a71e4b9ecad430ca…

MALICIOUS

PDF

Size: 62.9 KB
Created: 2021-04-01 22:44:19 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: f88992e263828741e832e4a9c45a25b2
SHA-1: eb7b793ef58cae645e50f8341e5f5e33d9c1263d
SHA-256: a71e4b9ecad430ca2704cc08d104c296bbca9592301a99e8ecffba3e316fbb5b
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains multiple embedded URLs, with at least one pointing to a domain associated with phishing activity. The presence of these URLs suggests the document is designed to trick users into navigating to external sites, potentially for credential harvesting or further malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7116

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.