Malicious PDF — malware analysis report

Static analysis result for SHA-256 c4e9cf103c08f839…

MALICIOUS

PDF

Size: 143.0 KB
Created: 2021-09-07 06:28:05 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-11-02
MD5: 46908964319ec1c243fdfc0126609383
SHA-1: 08f9ddcb7ee37648a2f87c4be9f8da191a96f643
SHA-256: c4e9cf103c08f8396a8bbebb6703d13a24c597f8e89157bd081d4fec5829c422
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

ClamAV detects the file with a signature (Pdf.Phishing.Trojan-…) that classes it as a phishing trojan. The only actionable content found is a single link annotation whose /URI action opens an external URL. That URL was rated benign at analysis time, but a lone external link in a document that already matches a phishing signature is consistent with a lure that depends on the reader clicking through, not on an exploit. The link goes through feedproxy.google.com, the FeedBurner redirector, so the final landing page is resolved server-side and is not visible in the document; the utm_term value (Spanish for "how to awaken the third eye book pdf") reads like search-engine bait. The metadata shows the document was rendered from HTML with wkhtmltopdf 0.12.5 (Qt 5.11.3); wkhtmltopdf is a legitimate converter used by many document generators, so the producer string is context for how the file was made, not evidence of malice on its own. No JavaScript or other scripts were extracted, so there is no execution behaviour to analyse; the verdict rests on the signature match and the external link.

Machine Learning

  • Nyx PDF Classifier clean score 0.2186

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware under the signature above.
  • External URI info PDF_URI
    The PDF contains a /URI action, i.e. an annotation that opens an external URL when the reader clicks it.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://feedproxy.google.com/~r/Uplcv/~3/FevRqgeaUVY/uplcv?utm_term=como+despertar+el+tercer+ojo+libro+pdf (channel: PDF link annotation)
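The PDF_URI and EMBEDDED_URL heuristics above, together with the "no scripts extracted" check in the summary, come down to scanning the PDF's object syntax for /URI actions, the Producer string and the keys that mark active content. The script below is an added triage example, not the report's tooling and not ClamAV's detection logic. It scans raw PDF bytes plus any FlateDecode streams it can inflate (links or scripts tucked inside compressed object streams are invisible to a plain strings/grep pass), handles both literal and hex-encoded PDF strings, and lists the keys that would change the verdict. The sample PDF, its example.invalid URLs and the hidden object are constructed for this example.

```python
"""Triage helper for the PDF_URI / EMBEDDED_URL heuristics.

Added example, not the report's tooling: scans raw PDF syntax (plus any
FlateDecode streams it can inflate) for /URI link actions, the Producer
string, and keys that would indicate scripted or auto-executing content.
"""
import re
import zlib

# Keys whose presence would change the analysis; none appear in the report
# above, which is why the link annotation is the only actionable content.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
               b"/EmbeddedFile", b"/SubmitForm")

# PDF strings come in two syntaxes: (literal, with backslash escapes) and <hex>.
LITERAL_URI = re.compile(rb"/URI\s*\((?P<s>(?:\\.|[^\\)])*)\)", re.S)
HEX_URI = re.compile(rb"/URI\s*<(?P<h>[0-9A-Fa-f\s]*)>")
PRODUCER = re.compile(rb"/Producer\s*\((?P<s>(?:\\.|[^\\)])*)\)", re.S)
STREAM = re.compile(rb"\bstream\r?\n(?P<body>.*?)\r?\nendstream", re.S)


def _unescape(s: bytes) -> str:
    """Undo the backslash escapes for parentheses and backslash in a literal string."""
    return re.sub(rb"\\([()\\])", rb"\1", s).decode("latin-1")


def _hex(h: bytes) -> str:
    """Decode a <hex> string; PDF pads an odd final digit with 0."""
    digits = "".join(h.decode("ascii").split())
    return bytes.fromhex(digits + "0" * (len(digits) % 2)).decode("latin-1")


def inflate_streams(data: bytes) -> list:
    """Return the decompressed body of every stream that inflates as zlib."""
    bodies = []
    for m in STREAM.finditer(data):
        try:
            bodies.append(zlib.decompress(m.group("body")))
        except zlib.error:
            pass  # not Flate-encoded, or corrupt; leave it to heavier tools
    return bodies


def triage_pdf(data: bytes) -> dict:
    """Collect URIs, Producer and active-content keys from raw PDF bytes."""
    views = [data] + inflate_streams(data)  # clear-text objects + inflated streams
    uris = []
    for view in views:
        uris += [_unescape(m.group("s")) for m in LITERAL_URI.finditer(view)]
        uris += [_hex(m.group("h")) for m in HEX_URI.finditer(view)]
    producer = PRODUCER.search(data)
    active = {k.decode() for k in ACTIVE_KEYS
              for view in views if re.search(re.escape(k) + rb"\b", view)}
    return {
        "uris": sorted(set(uris)),
        "producer": _unescape(producer.group("s")) if producer else None,
        "active_keys": sorted(active),
    }


# Constructed sample, not the analysed file: one clear-text link annotation,
# a wkhtmltopdf-style Producer, and a second (hex-encoded) link hidden in a
# Flate stream, the way object streams keep content away from a grep pass.
_HIDDEN_OBJ = (b"9 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
               b"/URI <68747470733a2f2f6578616d706c652e696e76616c69642f686578> >> >> endobj")
_HIDDEN = zlib.compress(_HIDDEN_OBJ)
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]
   /A << /S /URI /URI (https://example.invalid/lure\\(1\\)) >> >> endobj
5 0 obj << /Producer (wkhtmltopdf 0.12.5) >> endobj
6 0 obj << /Length """ + str(len(_HIDDEN)).encode() + b""" /Filter /FlateDecode >>
stream
""" + _HIDDEN + b"""
endstream
endobj
trailer << /Root 1 0 R /Info 5 0 R >>
%%EOF
"""
# The same document with an auto-run JavaScript action added to the catalog.
SAMPLE_PDF_JS = SAMPLE_PDF.replace(
    b"/Pages 2 0 R >>",
    b"/Pages 2 0 R /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>")

if __name__ == "__main__":
    for name, doc in (("link only", SAMPLE_PDF), ("with OpenAction JS", SAMPLE_PDF_JS)):
        print(name, triage_pdf(doc))
```

Run `triage_pdf(open(path, "rb").read())` on a sample inside an isolated analysis VM and treat the output as a triage aid, not a verdict: it does not resolve indirect object references, decode filters other than Flate (LZW, ASCIIHex, ...), or walk cross-reference streams, so an empty result from it never overrides an antivirus detection such as the ClamAV hit above.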