PDF malware analysis — malicious · ad110c59038d2a16

MALICIOUS

PDF

35.7 KB Created: 2020-12-20 02:59:35 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-06-20

MD5: d6b0001dae6ef69ffc0e3c85c25e7eb5 SHA-1: 0f9dfe6199045ef83e376eaf44f59e58b97a90f9 SHA-256: ad110c59038d2a161f87ca9e7dafdb6f5716f05d3fa9f0abb09ae0517e8dca39

114 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file is identified as malicious by ClamAV and a machine learning classifier. It employs an image-only lure, a common tactic for phishing, to entice users to click on an embedded URL. The URL leads to a site related to 'fake tattoo picture editor online', suggesting a deceptive pretext for the user interaction.

Machine Learning

Nyx PDF Classifier malicious score 0.6891

Heuristics 4

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 35 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://traffset.ru/wb?keyword=fake%20tattoo%20picture%20editor%20online PDF link annotation
- https://cdn-cms.f-static.net/uploads/4366366/normal_5f89bfb290367.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.