Malicious PDF — malware analysis report

Static analysis result for SHA-256 c34e1d9d591db127…

MALICIOUS

PDF

65.3 KB Created: 2021-03-18 16:44:22 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: ca0459667636c0f7820b5eb7e2a842a2 SHA-1: bb3f46554fefa6c55e7e8546e1034be585a571b8 SHA-256: c34e1d9d591db127064db644b49924b8489203549e73cec96116883efed5af77
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The presence of an embedded URI pointing to 'xajibur.ru' suggests an attempt to deliver a secondary payload or redirect the user to a malicious site. Although no scripts were explicitly extracted, the PDF structure and embedded URI are indicative of a phishing or malware delivery attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5377

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://xajibur.ru/wix?keyword=granite+outdoors+baitcast+reel+manual
    • http://nevinidonet.mywebcommunity.org/margaritaville_machine_key_west.pdf
    • https://static.s123-cdn-static.com/uploads/4373516/normal_5fdff7c204cdd.pdf
    • https://cdn-cms.f-static.net/uploads/4382430/normal_602d69c5b2b66.pdf
    • https://static.s123-cdn-static.com/uploads/4445737/normal_600363ed60ade.pdf
    • https://cdn-cms.f-static.net/uploads/4410013/normal_600cf1563ff3e.pdf
    • https://nubokulusavabum.weebly.com/uploads/1/3/4/7/134702007/kuzadeledi.pdf
    • https://static.s123-cdn-static.com/uploads/4370540/normal_600026b68ba5d.pdf
    • http://lofeboxirav.iblogger.org/cant_stop_wont_stop_powder_foundation.pdf
    • https://cdn-cms.f-static.net/uploads/4426828/normal_604e3ce491e55.pdf
    • http://suraneb.scienceontheweb.net/how_to_take_better_pictures_on_iphone_xs_max.pdf
    • http://sigixexizo.sportsontheweb.net/action_words_flash_cards.pdf
    • http://gonunimob.iblogger.org/50506431365.pdf
    • https://tasitonedilegu.weebly.com/uploads/1/3/5/3/135301248/wisepobagowoxoso.pdf
    • https://siwizapetodid.weebly.com/uploads/1/3/4/0/134041585/kigawedorusaxir.pdf
    • http://vivemowirarok.rf.gd/making_tax_digital_xero_guide.pdf
    • http://navezep.epizy.com/fajigaru.pdf
    • http://livikunaxexo.rf.gd/86367290062.pdf
    • https://51fd5013-30c4-43d1-89ce-86564632a3b5.filesusr.com/ugd/9f06f8_c627fbe029ec4ff08d59cbe29519eea9.pdf?index=true
    • https://d992f69e-bc5b-430a-92d7-abfd66d0380b.filesusr.com/ugd/6f7357_f71aaf4bb4ae4920a0e3b35d09001b68.pdf?index=true
    • http://vekamodadon.onlinewebshop.net/85491023765.pdf
    • https://0e627107-309b-4451-a84d-e7064c41fccd.filesusr.com/ugd/04c368_029ed8f2edec4b20bd459d7eee03dc54.pdf?index=true
    • http://zogoxuf.atwebpages.com/kirajegozopi.pdf
    • https://91c7bc9f-df77-4dbd-ae51-8bcf521f3e61.filesusr.com/ugd/1df9ea_35721f3bd7c247b09982cee09c662f43.pdf?index=true

Open this report in the interactive analyzer, or submit your own file for analysis.