PDF malware analysis — malicious · bce94439f243a07a

MALICIOUS

PDF

41.7 KB Created: 2021-09-25 18:00:37 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-31

MD5: f9f91011299961243124c2b6a5fe1037 SHA-1: 0ab63c6ccae343a7ab15ca33c04dcb540250b09e SHA-256: bce94439f243a07a41eceba4c327ff30ca03e6c2ecee027ecb14e7c01d6cfb23

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as a malicious PDF by ClamAV and an ML classifier. It contains embedded URLs that likely lead to phishing sites or further malware. The PDF structure and embedded content suggest it's intended to lure users into visiting these external resources, potentially for credential harvesting or malware delivery.

Machine Learning

Nyx PDF Classifier malicious score 0.5388

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://crysiq.ru/uplcv?utm_term=naruto+shippuuden+325 PDF link annotation
- https://pointvirgule.ca/upload/editor/file/maxejosenisiropivab.pdfIn PDF document text
- http://daltan.hu/uIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.