Malicious PDF — malware analysis report

Static analysis result for SHA-256 ac70cc5a83df9e2a…

MALICIOUS

PDF

151.5 KB Created: 2021-03-17 13:15:54 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: abe76e51031897a2f0883386913f1a2e SHA-1: 10307fe98cea8787d656349e2b8c827f170c06f9 SHA-256: ac70cc5a83df9e2ad83b53a2f905a626318078656d665129d5c9ea77b979fd76
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, specifically as a phishing trojan. The embedded URI points to a suspicious domain, suggesting a phishing or malware distribution attempt. Although no scripts were extracted, the PDF structure and the presence of an external URI indicate an attempt to redirect the user to a malicious resource, likely for credential harvesting or further malware delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8436

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://jottigo.ru/award?keyword=apj+abdul+kalam+photos+pdf
    • http://silvanozito.online/polly_et_le_loupvnrbh.pdf
    • https://cdn-cms.f-static.net/uploads/4501027/normal_602c4d288e768.pdf
    • http://balifruit.com/wujejerosutivugewoke53d8c.pdf
    • https://fuwosijeven.weebly.com/uploads/1/3/0/7/130738701/76bdb7fe.pdf
    • http://wazerutumaj.22web.org/31846506768.pdf
    • http://datab.vip/tesomafexheu0z.pdf
    • https://safesawugu.weebly.com/uploads/1/3/2/8/132814337/ca48b99ac82760.pdf
    • http://vnds-v.website/stock_watson_4th_edition469sx.pdf
    • https://cdn-cms.f-static.net/uploads/4446942/normal_5fd17d8ac2fab.pdf
    • http://yogait.space/slideshare_ppt_freei32l9.pdf
    • http://familyit.info/ejercicios_palabras_agudas_llanas_y_esdrujulas_4_primarianr6dd.pdf
    • https://vabusise.weebly.com/uploads/1/3/4/3/134385335/bezubeb.pdf
    • http://negozio50sconto.info/pukebojopovufikopawesujumeb8oi.pdf
    • https://baripunasese.weebly.com/uploads/1/3/4/1/134131446/vudamigevelidovim.pdf
    • https://cdn-cms.f-static.net/uploads/4470028/normal_600f6143ed374.pdf
    • https://tevoletefe.weebly.com/uploads/1/3/1/6/131606261/fuguragidedurumin.pdf
    • https://cdn-cms.f-static.net/uploads/4409258/normal_60302be1752a5.pdf
    • https://static.s123-cdn-static.com/uploads/4415767/normal_6006557504b5b.pdf
    • https://uploads.strikinglycdn.com/files/7cf18b36-ce75-4761-89a7-834a803e895b/lizegajamodosi.pdf
    • https://uploads.strikinglycdn.com/files/a53cb1a9-0809-4e5f-9924-8ff46a57bcd3/1814769349.pdf
    • https://uploads.strikinglycdn.com/files/36958405-0fe3-456d-b81c-dbb4ab39e231/gexewuvefik.pdf
    • http://ridesetufa.rf.gd/event_budget_template_word.pdf
    • https://uploads.strikinglycdn.com/files/206c5cec-6539-4493-8a17-455d0f5b5575/memnoch_the_devil_ending_explained.pdf
    • https://uploads.strikinglycdn.com/files/3111720c-b1b5-4f08-a845-99637e73f0f4/14373137101.pdf
    • http://delozaroj.epizy.com/how_much_is_nypd_uniform_allowance.pdf
    • http://sugexure.rf.gd/article_15_movie_english_subtitles.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.