Malicious PDF — malware analysis report

Static analysis result for SHA-256 bcf0f0d669718432…

MALICIOUS

PDF

Size: 50.6 KB
Created: 2020-12-22 04:50:07 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: f8bd9882804a62c5b351dbd155b45190
SHA-1: 3cbff16c595573dc301c4dc7bc69a55e23794989
SHA-256: bcf0f0d6697184326f242e09f9744cfb755315ba89edaf96577e2e71854f81dd
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file was detected as malicious by ML classifiers and ClamAV, specifically identified as a phishing trojan. It contains an embedded URI pointing to 'trafffe.ru', which is likely part of a phishing campaign. Although the document body appears corrupted, the presence of the malicious URL and the detection signatures strongly suggest a phishing attack.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.6779

Heuristics (3)

  • ClamAV (critical, CLAMAV_DETECTION): Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://trafffe.ru/aws?utm_term=heads+or+tails+coin+toss+worksheet
    • https://mejefarekobuk.weebly.com/uploads/1/3/4/3/134338461/mefiz.pdf
    • https://toxoladosa.weebly.com/uploads/1/3/4/4/134479392/lanixifije-papubosited-kabadejosaxusuv.pdf
    • https://nowiwadigomu.weebly.com/uploads/1/3/4/0/134018048/319fc7.pdf
    • https://zamelati.weebly.com/uploads/1/3/4/6/134652334/3c8879e2b2.pdf
    • https://uploads.strikinglycdn.com/files/b42c5528-b3c9-4e43-aa9a-a97259f822cf/hiketop_gift_code.pdf
    • https://s3.amazonaws.com/gurowozenupifi/98733642607.pdf
    • https://static1.squarespace.com/static/5fdc7a3b0a190b16b315946c/t/5fdcab7c113da4610cae6016/1608297344107/python_exception_message_format.pdf
    • https://static1.squarespace.com/static/5fc18f8d0a2757459be7919f/t/5fc4420c6457125654c3545e/1606697486205/raid_shadow_legends_hack_apk_1.11.5.pdf
    • https://s3.amazonaws.com/fidefofudi/digabodegipakinegit.pdf
    • https://s3.amazonaws.com/mizeteb/holy_anointing_oil_recipe.pdf
    • https://s3.amazonaws.com/sixenogafopoj/mozuwepevedatelovor.pdf
    • https://s3.amazonaws.com/kikunojulejuj/bsplayer_pro_2._70_serial.pdf
    • https://s3.amazonaws.com/vososasoxumete/compound_interest_worksheet_for_grade_8.pdf
    • https://uploads.strikinglycdn.com/files/29326511-8468-4bd6-89f8-de4734b24966/5_e_model_lesson_plan.pdf