PDF malware analysis — malicious · a769dbd15deb7643

MALICIOUS

PDF

48.4 KB Created: 2021-08-25 03:52:14 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-11

MD5: c0521834f0043d366aa41d0ed998108c SHA-1: 3d32678b3d2c8a17bb6948d8a6a0574bc7f4db05 SHA-256: a769dbd15deb7643f2b43cb335b53161116e24357569a51f284eb49efc4f0113

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file was flagged by ClamAV with a signature indicating it is a Pdf.Phishing.Trojan. While no specific document body content or scripts were extracted for analysis, the presence of this signature strongly suggests the file is intended to deceive users, likely for phishing purposes. The embedded URL, though confirmed benign, was part of the file's structure.

Machine Learning

Nyx PDF Classifier suspicious score 0.4220

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/Uplcv/~3/S30rS-6n6vg/uplcv?utm_term=miracles+in+mark PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.