Malicious PDF — malware analysis report

Static analysis result for SHA-256 b7995b2240a35524…

Verdict: MALICIOUS
File type: PDF
Size: 122.8 KB
Created: 2021-04-01 23:24:15 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 475894c0e0983a999d20b65f98ee85d7
SHA-1: 92c7a29098c9507420ff67dbb41b796eabaa8e10
SHA-256: b7995b2240a35524bf7233acbc9ee5dd9e129b89b665c07552f528368edea15b
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains multiple embedded URLs, with the primary one being https://maypoin.ru/award?keyword=aprendizajes+clave+ingles+preescolar+pdf, suggesting a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URIs indicate it's designed to redirect users to malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9363

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://maypoin.ru/award?keyword=aprendizajes+clave+ingles+preescolar+pdf