PDF malware analysis — malicious · b37651b8daeb9c9b

MALICIOUS

PDF

35.9 KB Created: 2021-09-04 22:57:54 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-07

MD5: ed824dd95505bcd3f707da622ffbe053 SHA-1: e789a583aea53712515e6e93fa95d5a4d53fe3b7 SHA-256: b37651b8daeb9c9b93f14834853ae6331aed0470a24efe51a0ccf3faed3a43aa

114 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF is identified as a phishing lure due to its image-only content and embedded clickable action. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded URLs likely lead to malicious sites for further exploitation or credential harvesting.

Machine Learning

Nyx PDF Classifier malicious score 0.7689

Heuristics 4

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 35 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://pistant.ru/uplcv?utm_term=scannerdanner+book+pdf+free PDF link annotation
- http://stroyvodservice.ru/upload/File/2086096595.pdfIn PDF document text
- https://www.cocochan.com.pk/wp-content/plugins/super-forms/uploads/php/files/cbb984ba153ecbe65ec0f909cedIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.