Malicious PDF — malware analysis report

Static analysis result for SHA-256 b16127755f94ff31…

MALICIOUS

PDF

50.6 KB Created: 2021-02-09 11:52:54 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 67e561b3fbe7a0d4be9c5f1f1b6cd2eb SHA-1: 5fd8aaa6eb9580a4dc81f3db5e62525fbd483d47 SHA-256: b16127755f94ff310460befcdc850f6e39355345f8e6af97cc41d2fd385140cc
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URI pointing to a suspicious domain, identified by ClamAV as a phishing trojan. The document body, though heavily obfuscated, suggests a lure related to a 'Bajrangi video dj song'. The presence of numerous embedded URLs, many with unknown reputations, further supports a malicious intent to redirect users to potentially harmful content or download further payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7338

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://leonvi.ru/aws?utm_term=bajrangi+video+dj+song
    • http://iblack.space/external_crosshair_v3_free_downloadtdmni.pdf
    • http://citruss.space/sivejojenedowulinufolaja5xt60.pdf
    • https://cdn.sqhk.co/zifiguwosu/ghCcThh/25358508550.pdf
    • http://businessoutsourcing.info/46036579474vf1nn.pdf
    • https://cdn.sqhk.co/furafurume/IimgfrG/zivaso.pdf
    • https://cdn.sqhk.co/fepebage/d6kjdh3/cue_cards_tcg.pdf
    • https://cdn.sqhk.co/devepogisog/5EIpChd/nexabopoxifefita.pdf
    • http://fb-pageunderreview.com/dc_shunt_motor_working_principle2j0gg.pdf
    • https://cdn.sqhk.co/sifalavuxozo/fghd0gG/green_pepper_jelly.pdf
    • https://cdn.sqhk.co/gobajejuz/foijmmy/kegosuzog.pdf
    • http://the-english-temple.com/stahlbau_skriptgjdae.pdf
    • https://cdn.sqhk.co/gorisaburo/jbhbhaq/falling_ball_clock.pdf
    • https://cdn.sqhk.co/xudevekelefe/heVgi9K/disodogipe.pdf
    • http://dfwshootersupply.com/fafifakulovud0hvxi.pdf
    • http://livugaxoretedop.epizy.com/lagu_aliff_aziz_hanya_lagu.pdf
    • http://rajemezipuz.rf.gd/pezimovesoxewukig.pdf
    • http://disobaratid.rf.gd/gapemewujutavafopaniji.pdf
    • http://dimafox.epizy.com/67379370410.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.