Malicious PDF — malware analysis report

Static analysis result for SHA-256 a730e45fd68407a9…

MALICIOUS

PDF

Size: 50.6 KB
Created: 2021-03-20 22:33:49 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-24
MD5: 24e74f9cd524e43ee822954b285448d4
SHA-1: f709c4fc0f4f4c4bcfb3a82860a1c3e159b51eb6
SHA-256: a730e45fd68407a9f3d24e3280ba15afcdb38a7e27d4374028ef25d06587dcc4
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6386

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://mezovuduw.ru/aws?utm_term=flir+one+gen+3+battery+replacement (in PDF link annotation)
    • https://cdn.sqhk.co/noxuluni/jeXGidi/79412914152.pdf (in PDF document text)
    • http://draiwenstore.online/guia_completa_calistenia_gratisc39sb.pdf (in PDF document text)
    • https://cdn.sqhk.co/ribegibonot/jbicwhd/3972703015.pdf (in PDF document text)
    • https://cdn.sqhk.co/fowifabibu/kugdSie/feudal_system_social_pyramid.pdf (in PDF document text)
    • http://stavki-na-sport.site/brown_bear_brown_bear_printable_book_in_spanishm5shv.pdf (in PDF document text)
    • http://plafond.xyz/97598688092lxdpe.pdf (in PDF document text)
    • https://cdn.sqhk.co/jivazufevi/jiX0v2I/31690102040.pdf (in PDF document text)
    • https://cdn.sqhk.co/tabafopevajo/eihij9s/acharya_balkrishna_aiims_report.pdf (in PDF document text)
    • https://cdn.sqhk.co/sugutomipu/hfjHrjd/78472683807.pdf (in PDF document text)
    • http://buyervannakupitvsem.xyz/how_to_deep_fry_a_butterball_turkeyeouxy.pdf (in PDF document text)
    • https://cdn.sqhk.co/sosexazefip/fr5Msdj/launch_federal_credit_union_mortgage_clause.pdf (in PDF document text)
    • http://sarhello.online/defenisujajjb1ue.pdf (in PDF document text)
    • https://s3.amazonaws.com/duzexefemosaxe/double_glazing_with_acrylic_sheets.pdf (in PDF document text)
    • http://gidumelefot.epizy.com/34837782825.pdf (in PDF document text)
    • https://s3.amazonaws.com/suxuzubojut/77107451009.pdf (in PDF document text)
    • https://s3.amazonaws.com/gowupuzokowuxes/pharyngitis_treatment_guidelines_2018.pdf (in PDF document text)
    • https://s3.amazonaws.com/jonora/17836847738.pdf (in PDF document text)
    • http://veraliw.rf.gd/51262240989.pdf (in PDF document text)
    • https://s3.amazonaws.com/nitidadufetenu/10_ejemplos_de_dispositivos_de_proceso.pdf (in PDF document text)
    • https://s3.amazonaws.com/fojaxexino/missguided_red_plunge_midi_dress.pdf (in PDF document text)
    • http://paradubufaxeju.rf.gd/04_malibu_no_start.pdf (in PDF document text)
    • http://ziwivalotezeti.rf.gd/82275423823.pdf (in PDF document text)
    • https://s3.amazonaws.com/jarirotexab/fannie_freddie_underwriting_guidelines.pdf (in PDF document text)