Malicious PDF — malware analysis report

Static analysis result for SHA-256 a7296cf1d26e2700…

MALICIOUS

PDF

222.3 KB Created: 2021-03-19 10:04:13 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-11-22
MD5: 98cf78bdcdf13c42c6bea3951a8fd488 SHA-1: 1b338b4c768dafb649386baac2fe0bc7e8cc6aca SHA-256: a7296cf1d26e27003190be6ce9b98aad6a503944567ed0eacd99d05d37d954f2
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV and contains an embedded URI pointing to a suspicious domain. The document body, though heavily obfuscated, contains text that appears to be a lure related to "Balogh mary pdf" and an award, likely intended to trick the user into clicking the malicious link. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier clean score 0.1660

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://jacksth.ru/award?keyword=balogh+mary+pdf PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.