Malicious PDF — malware analysis report

Static analysis result for SHA-256 a769dbd15deb7643…

MALICIOUS

PDF

Size: 48.4 KB
Created: 2021-08-25 03:52:14 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-10-11
MD5: c0521834f0043d366aa41d0ed998108c
SHA-1: 3d32678b3d2c8a17bb6948d8a6a0574bc7f4db05
SHA-256: a769dbd15deb7643f2b43cb335b53161116e24357569a51f284eb49efc4f0113
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

ClamAV flagged the PDF with the signature Pdf.Phishing.Trojan. No document body text or scripts were extracted for analysis, so the verdict rests on the signature match, which strongly suggests the file is built to deceive users, most likely as a phishing lure. The single embedded URL, reached through a link annotation, was confirmed benign but remains part of the file's structure.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.4220

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://feedproxy.google.com/~r/Uplcv/~3/S30rS-6n6vg/uplcv?utm_term=miracles+in+mark (channel: PDF link annotation)