Malicious PDF — malware analysis report

Static analysis result for SHA-256 bd00f0173fa390d6…

MALICIOUS

PDF

43.2 KB Created: 2021-09-01 18:20:02 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-05
MD5: 9e05bf019920650ffc38f91e65ccc6d8 SHA-1: cbcb0cebeab88752f75440c07f9eb9c0a145cf0f SHA-256: bd00f0173fa390d6fe55779ada6af40544c7738e56a389dd99c20d58af9cc562
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a signature indicating it is a phishing trojan. The PDF contains an external URI that points to a URL, which is likely intended to redirect the user to a phishing site. The document body is heavily obfuscated, suggesting an attempt to hide malicious content.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3681

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://feedproxy.google.com/~r/skout/mBVl/~3/DOqCt-cVA4I/uplcv?utm_term=important+current+affairs+questions+2020 PDF link annotation