Malicious PDF — malware analysis report

Static analysis result for SHA-256 ad460d01f0472faf…

MALICIOUS

PDF

Size: 50.6 KB
Created: 2020-12-11 19:15:11 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 65f4afc8930c665f8a485a9cf4ff56bb
SHA-1: 70a81a1d82bef27a604ba5abcce3281291aaa250
SHA-256: ad460d01f0472fafd7726b1cb511fa9b5a6bb82f46621106435789d18acc3594
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF is identified as an image-only document designed as a lure, containing a clickable external URI. ClamAV and ML classifiers also flagged it as malicious. The primary IOC is the external URL, which is likely used to redirect the user to a malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7360

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 50 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://traffine.ru/aws?utm_term=total+knee+arthroplasty+exercises+pdf