Malicious PDF — malware analysis report

Static analysis result for SHA-256 a7555e006dda1e81…

Verdict: MALICIOUS
File type: PDF

Size: 75.6 KB
Created: 2021-06-30 23:52:51 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-11-25
MD5: 669ec50789e186f9ff6f6ea27f9dda09
SHA-1: 2959256e495e8f411217e2e2b6b9f51047cd221f
SHA-256: a7555e006dda1e81a47ee01813f7c79666b77999a1046e150b3440339e518c93
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The file was detected by ClamAV as Pdf.Phishing.Trojan, indicating malicious intent. It contains an external URI, though this specific URL was flagged as benign. The PDF structure and the ClamAV signature suggest the file is designed to exploit vulnerabilities or trick users into executing malicious content, consistent with phishing or malware-delivery tactics.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.4916

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://feedproxy.google.com/~r/Uplcv/~3/1xuhb7AK25c/uplcv?utm_term=andrea+bocelli+duets+with+females PDF link annotation