Malicious PDF — malware analysis report

Static analysis result for SHA-256 b13c3e1875b32b67…

MALICIOUS

PDF

Size: 61.3 KB   Created: 2021-04-04 15:45:09 +03:00   Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: ec2c86f0d7aea886dce3f122c1273487   SHA-1: 0eb412bc43c0964eb0341a9b73654d1f75dca69e   SHA-256: b13c3e1875b32b679477fcac3510cf03e666443ad2737334a265b271b7680198
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that carries an external URI action pointing to a suspicious domain, and more than twenty further URLs were extracted from its body; the links are most likely meant to lure the reader onto attacker-controlled sites. ClamAV independently detects the file as Pdf.Phishing.Trojan. The document body appears garbled, which suggests obfuscation or corruption, but the external URI action on its own is a strong indicator of malicious intent.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.4986

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://golowaki.ru/award?keyword=dr3900+laboratory+spectrophotometer+for+water+analysis+pdf
    • http://kinorio5.xyz/best_free_horror_movie_apps8dshc.pdf
    • http://risimog.mywebcommunity.org/kavefujivakefodukoguloxig.pdf
    • http://topuniversityru.fun/81230173493bclx7.pdf
    • http://lowwsaw.xyz/which_penny_stock_is_good_to_buy_now_in_indiadgxpf.pdf
    • http://dosefokinuvulo.mypressonline.com/cambridge_igcse_and_o_level_business_studies_5th_edition.pdf
    • http://3bureaureport.info/11205932420r3qel.pdf
    • http://hookup154.fun/my_stella_knights_guider8i2c.pdf
    • http://temilops.xyz/romeo_and_juliet_movie_1996_download_in_tamilg6c82.pdf
    • http://poradoit2.site/paradise_island_crazy_golf_pricessa5q1.pdf
    • http://kyukty68.xyz/jcb_operators_manual6tu6n.pdf
    • http://alternativeinfluencenetwork.net/brother_typewriter_ribbon_replacementvy29x.pdf
    • http://reduslim-officialsite.site/xonofivinozacfyg.pdf
    • https://cdn.sqhk.co/nejisakatok/egggjjb/water_slide_decals_for_nails.pdf
    • http://changepass.online/ukulele_strumming_patterns_4_4d4fg6.pdf
    • http://sandiego-podcasts.com/tuxogerudifosidovemasirarz2r8.pdf
    • https://cdn.sqhk.co/kutajanode/SjaFhdg/modern_warfare_tracker_perk_counter.pdf
    • http://theharaka.online/what_is_30_days_plank_challengeyxord.pdf
    • https://17851959-1482-4b49-8222-7b7b0c628459.filesusr.com/ugd/3cb679_c755e1969dbb47bebadc2e812c9acf90.pdf?index=true
    • http://rivenoke.onlinewebshop.net/analysis_of_ordinal_categorical_data_agresti.pdf
    • https://3c3713de-992c-4571-92b4-00afcb8cb2c1.filesusr.com/ugd/9dbdb2_e900369365c143cda60e5d7712a870d8.pdf?index=true
    • https://46c0acaa-de7d-4f46-84f0-c2cf1d8ff7d9.filesusr.com/ugd/ac1638_4957b29cce92416fb055be0295bc1300.pdf?index=true
    • https://6c8ebe11-725c-420b-823a-68bc39d02ad2.filesusr.com/ugd/3e87bf_0bf1bfd521a34898adc05f062fc8009e.pdf?index=true
    • https://0b21792c-a699-4cf4-8833-5910c6ad58af.filesusr.com/ugd/b0b521_fcae2cab7d764d36bf22c1c6b154cf32.pdf?index=true
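The two URL heuristics above (PDF_URI, which keys on a /URI action, and EMBEDDED_URL, which lists every URL found in the file and labels the channel that carried it) can be reproduced with a small static extractor. The following is an added example written for this page, not the analysis platform's own extractor: it walks the raw PDF objects, records /URI action targets as "link annotation", inflates FlateDecode streams and scans their text operators as "document body", and labels URLs sitting inside a JavaScript action as "javascript". It is regex based and assumes a classic (non-object-stream) file layout, literal-string /URI values and a single FlateDecode filter; the sample PDF it builds is constructed inline with example.invalid hosts and is not the analyzed file.

```python
import re
import zlib
from typing import Dict, List, Tuple

# Regexes over raw PDF bytes. PDF_URI-style detection keys on an action
# dictionary /S /URI and its /URI (...) target; EMBEDDED_URL-style
# extraction scans every object (dictionaries and inflated streams) for
# anything that looks like an http(s) URL.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
URI_ACTION_RE = re.compile(rb"/S\s*/URI\b.*?/URI\s*\(([^)]*)\)", re.S)
JS_RE = re.compile(rb"/S\s*/JavaScript\b|/JS\b")
URL_RE = re.compile(rb"https?://[^\s()<>\"']+")


def extract_urls(pdf: bytes) -> List[Tuple[str, str]]:
    """Return (channel, url) pairs in document order, deduplicated."""
    found: List[Tuple[str, str]] = []
    seen = set()

    def add(channel: str, url: bytes) -> None:
        key = (channel, url.decode("latin-1"))
        if key not in seen:
            seen.add(key)
            found.append(key)

    for obj in OBJ_RE.finditer(pdf):
        body = obj.group(3)

        # 1. URI actions: the channel the PDF_URI heuristic reports on.
        action_urls = set()
        for m in URI_ACTION_RE.finditer(body):
            action_urls.add(m.group(1))
            add("link annotation", m.group(1))

        # 2. Streams: inflate FlateDecode content and look for URLs in the
        #    text operators (the "document body" channel).
        for s in STREAM_RE.finditer(body):
            data = s.group(1)
            if b"/FlateDecode" in body:
                try:
                    data = zlib.decompress(data)
                except zlib.error:
                    pass  # keep the raw bytes; a corrupt stream is itself notable
            for m in URL_RE.finditer(data):
                add("document body", m.group(0))

        # 3. Dictionary text outside streams: JavaScript actions carry URLs
        #    inline (e.g. app.launchURL); anything else is a bare reference.
        dict_text = STREAM_RE.sub(b"", body)
        is_js = JS_RE.search(dict_text) is not None
        for m in URL_RE.finditer(dict_text):
            if m.group(0) in action_urls:
                continue  # already attributed to the annotation
            add("javascript" if is_js else "object dictionary", m.group(0))
    return found


def summarize(urls: List[Tuple[str, str]]) -> Dict[str, object]:
    """Mirror the two heuristic labels: PDF_URI fires on any /URI action,
    EMBEDDED_URL counts every extracted URL."""
    return {
        "PDF_URI": any(ch == "link annotation" for ch, _ in urls),
        "EMBEDDED_URL": len(urls),
        "channels": sorted({ch for ch, _ in urls}),
    }


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF (not the analyzed sample): a Flate-compressed
    page stream with a URL in its text, a /Link annotation with a /URI
    action, and a JavaScript OpenAction that opens a URL."""
    content = b"BT /F1 12 Tf 72 700 Td (Download: http://example.invalid/report.pdf) Tj ET"
    compressed = zlib.compress(content)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 6 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(compressed)
        + compressed + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (https://example.invalid/award?keyword=test) >> >>",
        b"<< /S /JavaScript /JS (app.launchURL\\(\"http://example.invalid/js-redirect\"\\)) >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objs) + 1, xref_at)
    return bytes(out)


if __name__ == "__main__":
    urls = extract_urls(build_sample_pdf())
    for channel, url in urls:
        print(f"{channel:17} {url}")
    print(summarize(urls))
```

Run it with `python3 extract_pdf_urls.py` against the built-in sample, or pass the bytes of a real file to `extract_urls`. The channel label matters for triage: a URL in a content stream is only displayed text, a /URI action fires on a click, and a URL in a JavaScript OpenAction can be reached without any click at all. A real sample may hide objects in object streams, use hex-string /URI values, or chain filters; for those, run the file through pdf-parser or peepdf rather than extending these regexes.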