PDF malware analysis — malicious · bd49274d16b290fe

MALICIOUS

PDF

55.3 KB Created: 2021-09-01 12:29:00 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-05

MD5: 5e770eeaebb1bae73a47598eb2f63566 SHA-1: 0f9b0add1eb05b6ec6dbe6c90880a9ba662cf719 SHA-256: bd49274d16b290fe564126d83f97a9f45f0b4c48aba8370de956be31d4a5b519

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to a URL that, while currently classified as benign, is likely used as a lure in a phishing or credential harvesting scheme. The PDF structure and embedded URI suggest an attempt to trick users into visiting a potentially harmful site.

Machine Learning

Nyx PDF Classifier malicious score 0.5063

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/skout/mBVl/~3/YTWXjIUwRh0/uplcv?utm_term=religion+within+the+boundaries+of+mere+reason+pdf PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.