Malicious PDF — malware analysis report

Static analysis result for SHA-256 bfc3078cc56b49f5…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2020-11-22 08:31:34 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 83ad3e8b928a6cfdc43df59df75e8c3f
SHA-1: 7f9c8cea1df60f60c99c11b32d7ff2e726180867
SHA-256: bfc3078cc56b49f56e0b95ddb1a984208eb87be71f42f634731ff57a9bc07108
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file is identified as malicious by ClamAV and an ML classifier. It employs a common phishing tactic: a full-page image serves as the lure, and an embedded URI action likely leads to a malicious site. The PDF's structure (image only, no text) combined with the external URI strongly suggests it is designed to redirect users to a potentially harmful destination.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.6525

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE)
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 41 KB, the typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://trafffi.ru/aws?utm_term=ranti+mi+song+by+bukunmi+oluwasina
    • https://ponamuti.weebly.com/uploads/1/3/4/5/134513888/mikaragupukob.pdf
    • https://cdn-cms.f-static.net/uploads/4444643/normal_5fa6e79da8878.pdf
    • https://cdn-cms.f-static.net/uploads/4366367/normal_5fafbe22dceed.pdf
    • https://vefesipawadupo.weebly.com/uploads/1/3/4/7/134746991/puxedetip.pdf
    • https://firerokuk.weebly.com/uploads/1/3/1/1/131164187/16b0b948d2e71.pdf
    • https://xizadububexo.weebly.com/uploads/1/3/4/5/134595199/9f1f63ad52.pdf
    • https://uploads.strikinglycdn.com/files/fa023d1f-f560-4c9c-a1f8-aa679a1eb7c4/77386500079.pdf
    • https://uploads.strikinglycdn.com/files/c6afedca-de1c-4b30-955b-6ec597e629d7/zalekupajikodetexorizav.pdf
    • https://uploads.strikinglycdn.com/files/bb584e0d-45df-4cda-a4e0-a184b871dc09/temivegipazujopox.pdf
    • https://s3.amazonaws.com/biwuwukesazef/speed_and_velocity_worksheet_answer_key.pdf
    • https://uploads.strikinglycdn.com/files/bea259f9-70d0-4c03-a4e1-6f960366f43c/goat_simulator_goatz_free_download.pdf
    • https://uploads.strikinglycdn.com/files/74d20740-7e75-4dd5-82bc-c21b2d758d01/vizikaluvi.pdf