PDF malware analysis — malicious · b5b0c49d4e37b3b7

MALICIOUS

PDF

62.3 KB Created: 2021-07-30 08:44:38 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)

MD5: ecf2dbeff95f88859f2fbe9cc049ec85 SHA-1: 32f24d6de8f416da82443f41d8e7b6e144b1e4e7 SHA-256: b5b0c49d4e37b3b7e5be3801dc2f01aa57ebbd1a61f6334666f5246350e829e0

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1204.002 Malicious File

The PDF file was detected as malicious by ClamAV and an ML classifier, indicating a phishing or trojan payload. It contains embedded URLs that likely lead to the download of further malicious content. The file's structure and heuristic firings suggest it is designed to trick the user into downloading and executing a secondary payload.

Machine Learning

Nyx PDF Classifier malicious score 0.5842

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://moiarchitekci.pl/pliki/file/dekitafeliselefe.pdf
- https://specialbrands.gr/wp-content/plugins/super-forms/uploads/php/files/2276758b16bf87a5a0b952cf13dec8a4/nonobimuvemep.pdf
- http://allasclub.com/campannas/file/60430468750.pdf
- https://feedproxy.google.com/~r/skout/mBVl/~3/BkSY9tpko7c/uplcv?utm_term=how+did+the+alliances+cause+ww1

Open this report in the interactive analyzer, or submit your own file for analysis.