Malicious PDF — malware analysis report

Static analysis result for SHA-256 ab2171025ad3092d…

Verdict: MALICIOUS
File type: PDF
Size: 75.4 KB
Created: 2021-03-19 09:12:45 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 2a3f4073e63fed904078d70048b2623a
SHA-1: b60f51aac83112bf54dfa96b832b894ffbda72a6
SHA-256: ab2171025ad3092d40e72a73848a902cae3fc1a2b450f14c24325860cdbc4419
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The PDF contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a phishing or malware distribution site. No scripts were extracted, but the overall structure and heuristic firings suggest a phishing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6070

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, tag: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • https://vilenefex.ru/aws?utm_term=what+is+the+concept+of+knowledge
    • https://cdn.sqhk.co/kuwusemob/jathiji/tigesavezodavawazezodoju.pdf
    • http://vavazexowupex.medianewsonline.com/java_programming_notes_for_beginners.pdf
    • https://cdn.sqhk.co/badimoweba/c3haJhc/birha_vijay_lal_yadav.pdf
    • https://cdn.sqhk.co/vibisidumes/7Rjh5ic/gelibewefil.pdf
    • http://xumupizaxuto.scienceontheweb.net/bukivokasijadujugu.pdf
    • http://mutujejeturuduf.medianewsonline.com/neet_2020_biology_questions.pdf
    • http://tixaman.scienceontheweb.net/divine_mercy_shrine_cdo_mass_schedule.pdf
    • http://pivolirarorip.mypressonline.com/circle_of_fifths_worksheet.pdf
    • https://cdn.sqhk.co/sejejajoxej/Xv2jbia/elite_hockey_training_montreal.pdf
    • http://suwufexez.sportsontheweb.net/what_the_purpose_of_a_mortgage_deed_look_like.pdf
    • http://xasedogamif.mypressonline.com/5324278035.pdf
    • https://cdn.sqhk.co/lofopapenow/wMjhIgh/toca_kitchen_2_for_pc.pdf
    • https://s3.amazonaws.com/salosibejodod/88911262301.pdf
    • https://uploads.strikinglycdn.com/files/9b20af1a-5a44-4f6f-8516-b40328d7dc58/how_to_find_cross_sectional_area_of_a_wire.pdf
    • https://s3.amazonaws.com/pogolo/gawetejuw.pdf
    • https://s3.amazonaws.com/nisoxow/1995_jeep_wrangler_rio_grande_owners_manual.pdf
    • https://s3.amazonaws.com/rezugekolaba/65484503676.pdf
    • https://s3.amazonaws.com/jazofi/auld_lang_syne_chords_key_of_d.pdf
    • https://uploads.strikinglycdn.com/files/c7f956a7-5bb7-4bbb-8fe8-7723f9211119/why_is_my_electric_furnace_not_turning_on.pdf
    • https://s3.amazonaws.com/jewizopukuni/barnet_planning_guide.pdf
    • https://s3.amazonaws.com/wuxupewu/99669085375.pdf
    • https://uploads.strikinglycdn.com/files/a8511bf3-82c7-45e2-92f2-3c5db7a938fe/93641128525.pdf
    • https://s3.amazonaws.com/lixasifasi/gewarurileliwe.pdf
    • https://s3.amazonaws.com/lezopobigeza/fetubaw.pdf
    • http://fekejuw.atwebpages.com/aitsl_standards_2020.pdf