Malicious PDF — malware analysis report

Static analysis result for SHA-256 b7727869db993bec…

Verdict: MALICIOUS
File type: PDF
Size: 100.9 KB
Created: 2021-03-23 16:30:56 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 4adaa6cf1814c1fdd18943af015711b3
SHA-1: 88430040b4dfdc67a5c25285b26e866b9809f8c2
SHA-256: b7727869db993bec04a0940741c26953a7e3546d74c1540d273df771c9d08f0c
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document flagged as malicious by the ML classifier (score 0.9024) and by a ClamAV phishing signature. It carries an external URI action pointing to golowaki.ru, whose query string (symbolic interactionism perspective and method pdf) matches the search-engine-bait pattern of a "download this paper" lure that forwards the reader to a malicious payload; the producer string (wkhtmltopdf) shows the document was generated from HTML, as such mass-produced lures typically are. The document body, though heavily obfuscated, is consistent with an academic-material lure, and it also contains two dozen further links to .pdf files. Most of those sit on legitimate shared hosting (s3.amazonaws.com, uploads.strikinglycdn.com, free web hosts), so domain reputation alone is a weak signal here; the verdict rests on the classifier, the ClamAV signature and the lure pattern rather than on any single URL.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9024

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware under the signature above.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URLs (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://golowaki.ru/award?keyword=symbolic+interactionism+perspective+and+method+pdf
    • http://kejoxemubogese.mywebcommunity.org/letobanonuxikojawatow.pdf
    • http://gixipures.sportsontheweb.net/muzigik.pdf
    • http://toxifiv.myartsonline.com/counting_numbers_in_french.pdf
    • https://s3.amazonaws.com/resabomibogodaw/50796195590.pdf
    • https://uploads.strikinglycdn.com/files/f35e8274-bdfa-44ab-90e9-f37e1d61ef0c/dixesifitasuvelofar.pdf
    • https://s3.amazonaws.com/gudukupir/blouse_cutting_video_hd.pdf
    • https://s3.amazonaws.com/dedinavesute/spanish_phrasebook_and_dictionary.pdf
    • https://s3.amazonaws.com/neporezofov/consecrated_virgin_catholic_answers.pdf
    • https://s3.amazonaws.com/vinejivunitego/atualizar_android_no_mxq_4k.pdf
    • https://uploads.strikinglycdn.com/files/da19979a-869b-4711-8d51-36e6238133c0/toxob.pdf
    • https://s3.amazonaws.com/xeruxaxer/chinese_character_tracing_worksheet.pdf
    • https://s3.amazonaws.com/xeroguru/goluporawogat.pdf
    • https://s3.amazonaws.com/rorives/ruwapivogav.pdf
    • https://s3.amazonaws.com/debiwelof/does_arbys_have_french_fries.pdf
    • https://uploads.strikinglycdn.com/files/bb957532-c4e9-457d-a86a-e7b62eea31e6/96855505856.pdf
    • https://uploads.strikinglycdn.com/files/3426faed-c546-491c-b52f-a5b9a92b9a04/free_tarot_reading_books_for_reception.pdf
    • https://uploads.strikinglycdn.com/files/9ef2341f-98a3-4c36-b9d8-7b31ff44760f/arctic_king_portable_air_conditioner_p1.pdf
    • https://s3.amazonaws.com/wupagivoz/solitaire_collection_for_windows_10.pdf
    • https://s3.amazonaws.com/resixexi/texas_go_math_grade_7_answers.pdf
    • https://s3.amazonaws.com/nokiva/46697270327.pdf
    • https://s3.amazonaws.com/lanaladu/punjabi_songs_dance_video.pdf
    • https://s3.amazonaws.com/poguvelefa/kanhangad_weather_report.pdf
    • http://namezenidel.onlinewebshop.net/cancion_del_mariachi_guitar.pdf
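The PDF_URI and EMBEDDED_URL heuristics above make one distinction a triager needs to reproduce: is a URL the target of a /URI action (the document will open it on click), or does it merely appear as text somewhere in the file? The script below, an added example and not the scanner's own code, makes that split by scanning the raw bytes: it undoes #xx name escapes (so /U#52I cannot hide a /URI key), decodes literal and hex PDF strings, labels each URL with its channel, and summarises hashes, domains and .pdf download links the way the report does. The sample PDF and all domains (.invalid) are constructed; compressed or encrypted streams are not inflated, which is a deliberate limit of a byte-level pass.

```python
"""Scan a PDF's raw bytes for external URI actions and body URLs and label each
URL with the channel that reached it (uri_action vs. body). Added example,
not the scanner's own code; sample PDF and domains are constructed."""
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample: a minimal PDF with one /Link annotation whose /URI action
# points at a hypothetical lure domain, plus a plain URL in the page text. The
# key is written as /U#52I to show that #xx name escapes must be undone before
# keyword matching. No xref table; this scanner never validates one.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]
   /Annots [4 0 R] /Contents 5 0 R >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 540 720]
   /A << /S /URI /U#52I (https://example-lure.invalid/award?keyword=test+pdf) >> >> endobj
5 0 obj << /Length 79 >>
stream
BT /F1 12 Tf 72 650 Td (Download: http://mirror.example.invalid/file.pdf) Tj ET
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# A PDF name token: "/" followed by regular characters (no whitespace/delimiters).
PDF_NAME = re.compile(rb"/[^\s/\[\]<>(){}%]+")
# "/URI" followed by a literal "(...)" or hex "<...>" string: an external URI action.
URI_ACTION = re.compile(rb"/URI\s*(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)", re.S)
# Plain http(s) URLs anywhere in the bytes (parentheses excluded so PDF string
# delimiters terminate the match).
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'*+,;=%-]+")
_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
        b"(": b"(", b")": b")", b"\\": b"\\"}


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes inside name tokens only (e.g. /U#52I -> /URI).
    A "/path#ab" inside a string is also touched; acceptable for triage."""
    def _decode(m):
        return re.sub(rb"#([0-9A-Fa-f]{2})",
                      lambda h: bytes([int(h.group(1), 16)]), m.group(0))
    return PDF_NAME.sub(_decode, data)


def decode_pdf_string(tok: bytes) -> bytes:
    """Decode a PDF literal string "(...)" or hex string "<...>" to raw bytes."""
    if tok.startswith(b"<"):
        digits = re.sub(rb"\s", b"", tok[1:-1])
        if len(digits) % 2:            # odd trailing digit is padded with 0 per spec
            digits += b"0"
        return bytes.fromhex(digits.decode("ascii"))
    body, out, i = tok[1:-1], bytearray(), 0
    while i < len(body):
        c = body[i:i + 1]
        if c != b"\\":
            out += c
            i += 1
            continue
        nxt = body[i + 1:i + 2]
        octal = re.match(rb"[0-7]{1,3}", body[i + 1:])
        if nxt in _ESC:
            out += _ESC[nxt]
            i += 2
        elif octal:                    # \ddd octal escape
            out.append(int(octal.group(0), 8) & 0xFF)
            i += 1 + len(octal.group(0))
        elif nxt in (b"\r", b"\n"):    # backslash-newline is a line continuation
            i += 2
        else:                          # unknown escape: the backslash is dropped
            out += nxt
            i += 2
    return bytes(out)


def extract_urls(data: bytes) -> dict:
    """Return {url: set(channels)}. 'uri_action' = target of a /URI action
    (PDF_URI); 'body' = only appears as text elsewhere (EMBEDDED_URL)."""
    data = normalize_names(data)
    found = {}
    for m in URI_ACTION.finditer(data):
        url = decode_pdf_string(m.group(1)).decode("utf-8", "replace").strip()
        if url:
            found.setdefault(url, set()).add("uri_action")
    for m in URL_RE.finditer(data):
        url = m.group(0).rstrip(b".,;:").decode("utf-8", "replace")
        channels = found.setdefault(url, set())
        if "uri_action" not in channels:
            channels.add("body")
    return found


def triage(data: bytes) -> dict:
    """Summarise the indicators a report like the one above surfaces."""
    urls = extract_urls(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size_bytes": len(data),
        "urls": {u: sorted(c) for u, c in urls.items()},
        "domains": sorted({urlsplit(u).hostname or "" for u in urls}),
        "external_uri_action": any("uri_action" in c for c in urls.values()),
        "pdf_download_links": sorted(
            u for u in urls if urlsplit(u).path.lower().endswith(".pdf")),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_PDF), indent=2))
```

Run it against a real sample by replacing SAMPLE_PDF with the file's bytes; for documents whose annotations live inside FlateDecode object streams, inflate those streams first (zlib.decompress on each stream body) and feed the result through extract_urls as well, otherwise the action-level channel is missed.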