PDF malware analysis — malicious · c56d0f8e7a08c06a

MALICIOUS

PDF

58.2 KB Created: 2021-03-04 13:57:19 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-10-14

MD5: 5d9cb482a86cbf7c3b5b49c73b5e933e SHA-1: 014ff25c8606c55ae835fa9f43db5ef06628a8cf SHA-256: c56d0f8e7a08c06a285a86c75e5402f197f89076bb2436c4abf5fee012a16c36

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URL pointing to a suspicious domain. ClamAV detection and ML classification indicate malicious intent, likely related to phishing or malware distribution. The document body, though heavily obfuscated, suggests a lure related to educational content to entice users to click the malicious link.

Machine Learning

Nyx PDF Classifier malicious score 0.5491

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://xezojetit.ru/award?keyword=clasificacion+de+numeros+decimales+ejercicios+resueltos PDF link annotation
- https://cdn-cms.f-static.net/uploads/4428054/normal_5fd923a6e3804.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4452161/normal_5fd33196e7261.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4489054/normal_60117e538759f.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4455907/normal_5fd67fc11a9c6.pdfIn PDF document text
- https://cdn.sqhk.co/vulovosovem/fijD1AV/loud_war_sounds_roblox_id.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4367297/normal_5ff22994c2ab5.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4502436/normal_603a2abb569a2.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4454040/normal_5fd38f3c73edc.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4408174/normal_6023341ac58c7.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4372073/normal_60085965757ce.pdfIn PDF document text
- https://cdn.sqhk.co/zewumirapeb/KHF6hgp/heart_touching_love_messages_romantic_images.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4456376/normal_5ff409d7200a9.pdfIn PDF document text
- https://cdn.sqhk.co/nivavepe/jqjaSS8/jezotadixulobejorixuzu.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4388177/normal_6021d7e5d8234.pdfIn PDF document text
- https://cdn.sqhk.co/pisapaxosabo/hjWifhi/kekifofibig.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4390995/normal_6002270d85d6a.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4406775/normal_5fd07cd057eb6.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4388827/normal_5fd05921e2a24.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5c0a6710-0142-49e1-a592-75e70a42e52f/tone_it_up_reviews_2018.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f4bbd59f-7f15-4e74-bb57-5ed96a5040f7/what_is_osha_29_cfr_1926.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ecdaff06-87c9-493c-ab92-0f5e76566250/gatehouse_door_locks_rekey.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8f23d362-c356-4e62-9204-63a40660322c/how_to_connect_rca_universal_remote_to_insignia_tv.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4dcbb487-d50b-4d9b-9a56-7cf1d9c6911a/monopoly_rules_money_pounds.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/69af7296-89b5-46b6-bdd5-f8bfffe3f7ee/dog_man_and_cat_kid_movie.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.