Malicious PDF — malware analysis report

Static analysis result for SHA-256 aee7bde3cb3596d8…

MALICIOUS

PDF

235.6 KB Created: 2021-03-22 02:56:15 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-07-02
MD5: 447d7f758673cfaedf7e12f1ef3d1a11 SHA-1: 66aace92543ab78d54cf1a19e3f4467df0acaac7 SHA-256: aee7bde3cb3596d8ef86ab3173a155e8cec4fc6d124541a40f64463ff608d094
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a signature indicating phishing and trojan characteristics. It contains an embedded URI pointing to a suspicious domain, which is likely part of a phishing or credential harvesting scheme. The document body, though heavily obfuscated, suggests a lure related to 'Astm a360 pdf'. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier clean score 0.1730

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://xajibur.ru/award?keyword=astm+a360+pdf PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.