Malicious PDF — malware analysis report

Static analysis result for SHA-256 bbbe0499779e338a…

MALICIOUS

PDF

Size: 62.7 KB
Created: 2021-03-25 00:42:34 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-22
MD5: e4af57fd9763538f157d827945e2b425
SHA-1: 72d4f65f8a4a3dc157fec630906389c53c107c21
SHA-256: bbbe0499779e338ae28cbb739e4f0dff561ff39890a21e950d555c33378e901f
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9584

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://gimoguvi.ru/award?keyword=advanced+business+english+worksheets+pdf (PDF link annotation)
    • https://cdn.sqhk.co/lolajelor/Dq7Vicn/torazeb.pdf (in PDF document text)
    • http://xoxuvajes.mywebcommunity.org/rachmaninoff_vocalise_piano_sheet_music.pdf (in PDF document text)
    • http://banademebilite.sportsontheweb.net/levantine_arabic_dictionary.pdf (in PDF document text)
    • https://cdn.sqhk.co/bulunazi/jgfQiVE/44679671384.pdf (in PDF document text)
    • http://dipenoguzel.sportsontheweb.net/iiser_aptitude_test_previous_years_question_papers_with_answers.pdf (in PDF document text)
    • http://dekovag.mypressonline.com/7515312173.pdf (in PDF document text)
    • https://cdn.sqhk.co/rufebumu/diictE3/revokugudid.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/8f2e0795-3350-456d-bb88-ac7e333babcf/how_do_you_remove_the_back_of_a_timex_watch_to_replace_the_battery.pdf (in PDF document text)
    • https://s3.amazonaws.com/jiwotarotavuz/haier_5000_btu_air_conditioner_walmart.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/492f02b2-c2b9-4809-a53e-425f50a7b2d5/viwijajugoda.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/4f96a6e1-4434-4349-a1bf-e488fdf9eab3/what_is_the_best_book_for_anxiety_and_depression.pdf (in PDF document text)
    • https://s3.amazonaws.com/punagilelabon/54873276931.pdf (in PDF document text)
    • http://jewojov.epizy.com/define_dietary_guidelines_for_the_caribbean.pdf (in PDF document text)
    • https://s3.amazonaws.com/duzexefemosaxe/template_literals_in_python.pdf (in PDF document text)
    • https://s3.amazonaws.com/sesijesule/36408069575.pdf (in PDF document text)
    • http://tenurusimuxu.epizy.com/21951978575.pdf (in PDF document text)
    • https://4590046d-f0a9-4171-b8a0-56ff8c1fe63c.filesusr.com/ugd/0bfb20_77d50a5b2ea9483aaec4f2ef09477b29.pdf?index=true (in PDF document text)
    • http://jitawidavez.atwebpages.com/53172888553.pdf (in PDF document text)
    • https://0c2a7d7b-be9d-4ef2-a94c-09ca905cc17d.filesusr.com/ugd/7d21c0_e7123c4049124cc2b35af0cf4c022a5d.pdf?index=true (in PDF document text)
    • https://s3.amazonaws.com/werowibovezoje/how_to_make_rhythm_game.pdf (in PDF document text)
    • http://xekalorebopir.rf.gd/penaxebo.pdf (in PDF document text)