Malicious PDF — malware analysis report

Static analysis result for SHA-256 b58304e3705c2460…

MALICIOUS

PDF

58.2 KB Created: 2021-03-19 16:47:24 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 03aa5eafcc4109f13f18c536d46b5e54 SHA-1: 4a344a95ebb889393c686733976f99cfcfea56ee SHA-256: b58304e3705c2460e8ea713a02f5eddbc09565afaa3bd6844c40093eb87435f4
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF containing an embedded URI pointing to a suspicious domain, and it was flagged by a machine learning classifier and ClamAV as malicious. The presence of an external URI suggests an attempt to redirect the user to a malicious site, likely for phishing or to download further payloads. No scripts were extracted, but the PDF structure itself facilitated the inclusion of the malicious link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6078

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://ponafet.ru/strik?utm_term=ninestars+trash+can+lid+dzt-50-9h
    • http://sifozex.22web.org/2198783160.pdf
    • http://gusedori.iblogger.org/chaldean_numerology_for_beginners.pdf
    • https://static.s123-cdn-static.com/uploads/4491925/normal_5fe129cf2bdef.pdf
    • https://static.s123-cdn-static.com/uploads/4388413/normal_5fe565136e48c.pdf
    • https://cdn.sqhk.co/tosobulig/vLNR4ic/37434930740.pdf
    • https://cdn-cms.f-static.net/uploads/4412164/normal_601b2992bdc62.pdf
    • https://cdn.sqhk.co/levowexesu/jcXhjhh/history_of_christmas_traditions_around_the_world.pdf
    • https://cdn.sqhk.co/puburikob/fiijdig/beauty_plus_apkmonk.pdf
    • https://cdn-cms.f-static.net/uploads/4418556/normal_6035864b6b4ee.pdf
    • https://cdn.sqhk.co/buzaxelubot/jeYgggi/semukibokufedovelif.pdf
    • https://cdn-cms.f-static.net/uploads/4415782/normal_5fd2b05099572.pdf
    • https://static.s123-cdn-static.com/uploads/4417119/normal_5fc89312a0a2b.pdf
    • https://static.s123-cdn-static.com/uploads/4447466/normal_6008fe892e527.pdf
    • https://uploads.strikinglycdn.com/files/180494c5-3582-460e-9e9d-0476a56e9bbc/subway_map_nyc_2020.pdf
    • https://uploads.strikinglycdn.com/files/799eee22-4954-46e5-8b64-393147cbe94c/how_to_read_notes_while_on_zoom.pdf
    • https://989244f3-426d-4557-b4f1-0018dac9047c.filesusr.com/ugd/57c819_699728da654b486db08daf6e4cc2d3cd.pdf?index=true
    • https://uploads.strikinglycdn.com/files/ae2f1b54-28f0-47fd-8da7-9104d519ef27/auld_lang_syne_piano_chords_for_beginners.pdf
    • https://3176e400-c268-4dc0-8d69-08eae86937f8.filesusr.com/ugd/ea2f88_a2b7702a78a34a29bd25f0643da5410b.pdf?index=true
    • https://uploads.strikinglycdn.com/files/6e550a4f-96a9-4058-8998-508d671e49ed/are_florida_pythons_dangerous.pdf
    • https://uploads.strikinglycdn.com/files/f093fe53-ed6e-460f-b16b-3e76b70ed4f7/what_order_should_i_watch_the_marvel_movies_in_reddit.pdf
    • https://502f924d-676a-41b3-8220-87c01882f600.filesusr.com/ugd/5a20bb_b22024e47f83473290fbf394a52ba7af.pdf?index=true
    • https://a12a05ab-6462-4855-b086-b0a2a961d6d8.filesusr.com/ugd/2c76f4_ca28bd461ca8473f8886692e6626b523.pdf?index=true

Open this report in the interactive analyzer, or submit your own file for analysis.