Malicious PDF — malware analysis report

Static analysis result for SHA-256 ad337518c588b1d9…

MALICIOUS

PDF

Size: 70.1 KB
Created: 2021-03-27 11:30:19 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-23
MD5: e2b728455a78c60038a02daec05eef21
SHA-1: 64ccf7d5ded93215e5317e0c0f1986e865227cc1
SHA-256: ad337518c588b1d9ccd456266b5128bacdf2f18c1c40041b345231f5bc26435b
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The embedded URI points to a URL that appears to be part of a phishing or malware distribution scheme, disguised as a free manual download. No scripts were extracted, but the PDF structure and embedded URI strongly suggest a phishing or malware delivery attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8129

Heuristics (3)

  • ClamAV detection (critical) CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://kuzutuzo.ru/wix?keyword=small+engine+manuals+free+download (PDF link annotation)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f32c.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xF32C
Size: 5420 bytes
SHA-256: bdfe8b8ce4eadde8d933761fa16cd4f4b24e1e1ee68013d64c0f2e87ef99cd77