Malicious PDF — malware analysis report

Static analysis result for SHA-256 ac0f388287ebed55…

MALICIOUS

PDF

Size: 190.9 KB
Created: 2021-01-29 18:53:16 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2026-06-05
MD5: 5f8fc6179fd314a8183965d19f117ee8
SHA-1: cee19cbaeab50e26d3a5816b739f1e785d4ac01c
SHA-256: ac0f388287ebed5519a73cb2bc38f0d215c3373d3679d23962ab40539c8da02b
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The ClamAV heuristic identified this PDF as a phishing trojan. The document body, though heavily obfuscated, contains references to 'Exfo ftb-200 otdr user manual', suggesting a lure to download a technical document. Multiple external URLs are present, with at least one, 'http://salet.store/varuthapadatha_valibar_sangam_video_songs_hd_1080p_free_downloadhkarz.pdf', appearing to host further malicious content.

Machine Learning

  • Nyx PDF Classifier clean score 0.1420

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical; CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info; PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://jacksth.ru/123?utm_term=exfo+ftb-200+otdr+user+manual (PDF link annotation)

Extracted artifacts (6)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off000254ad.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x254AD | 6728 bytes
    SHA-256: c178a0bfde7fc83c871c1bcc68d39bb0531fe1d4502e9b32d5b6f1fa554a4a22
font_01_sfnt_off000265a9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x265A9 | 13736 bytes
    SHA-256: b3b31e5272a782b916f083efac02244a2f447ec7ff650bff90ac88013a9ab78a
font_02_sfnt_off000291a1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x291A1 | 5524 bytes
    SHA-256: 855692e2114ce6f45342623d125eb0db3c6b18e0363c540b0b260e0336c139d1
font_03_sfnt_off0002a452.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2A452 | 2088 bytes
    SHA-256: 0914ec5a69263dfa41877814a7634a51d48c140a038a560cef823f144744185b
font_04_sfnt_off0002ae37.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2AE37 | 12152 bytes
    SHA-256: bc05bd54a2be301aaf6c2f84395e221ab561d6af9a5c9fdbb722485ed7c98116
font_05_sfnt_off0002d7e9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2D7E9 | 17316 bytes
    SHA-256: da5142534c5c483566fb24bc8f38a5783cb98ad40c0fb60a9fa8f0a8f67a14a5