Malicious PDF — malware analysis report

Static analysis result for SHA-256 bb55543a7795a989…

MALICIOUS

PDF

Size: 63.7 KB
Created: 2021-09-14 12:02:21 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-10-14
MD5: c77ab66653756adc32e759b9cd2df8fa
SHA-1: 6346de4e99605931a5352881ca5b6e46fce03650
SHA-256: bb55543a7795a989d6e115bf582e5ca04a60be947f84658502582672cba021e8
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The presence of multiple embedded URLs, some of which are unknown, suggests an attempt to redirect the user to malicious content. Although no scripts were explicitly extracted, the PDF structure and embedded URIs point towards a phishing or malware distribution scheme.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5336

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.