PDF malware analysis — malicious · b999eee4e5d96539

MALICIOUS

PDF

104.0 KB Created: 2021-08-22 03:59:20 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-14

MD5: ba0a82d8ee7a05dbd419f62092e077e5 SHA-1: decb9c4371843bb8c5d9313743417c252fae4d68 SHA-256: b999eee4e5d9653987020afc096f2b3c96067250f0e4423117fb3d56015ec4b1

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is a PDF document identified by ClamAV as a phishing trojan. It contains embedded URLs pointing to other PDF files, one of which is hosted on a potentially compromised website. The document body is heavily obfuscated, preventing a clear understanding of its specific lure.

Machine Learning

Nyx PDF Classifier clean score 0.1347

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.advokat.com/app/webroot/img/fck/file/89651152544.pdf In PDF document text
- https://www.hinogas.com/wp-content/plugins/super-forms/uploads/php/files/jsqiu1e6u3670df0vbsibp57bi/16136036562.pdfIn PDF document text
- https://feedproxy.google.com/~r/Uplcv/~3/1KS0DP0cxss/uplcv?utm_term=handbook+of+petroleum+refining+processes+4th+edition+pdf+free+downloadPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.