Malicious PDF — malware analysis report

Static analysis result for SHA-256 bb0f24ef6d885501…

MALICIOUS

PDF

Size: 79.6 KB
Created: 2021-08-08 12:42:50 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-11-25
MD5: 885c942e08b6f403e0bac7e1492f5799
SHA-1: 4c9b3131777fe4ef094d3d71e14694a964294f5f
SHA-256: bb0f24ef6d885501866e594793dd69d0116a7edc5f572954d28fb52f4fbccf17
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by multiple engines, including ClamAV and an ML classifier. It contains an embedded URL pointing to 'wastran.ru', which is flagged as suspicious. The PDF structure and embedded content suggest it is designed to trick the user into visiting this URL, likely as part of a phishing campaign or to download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6016

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://wastran.ru/uplcv?utm_term=graphic+design+agency+profile+pdf (PDF link annotation)