Malicious PDF — malware analysis report

Static analysis result for SHA-256 c84f8d675959a88d…

Verdict: MALICIOUS
File type: PDF
Size: 76.3 KB
Created: 2021-03-14 07:03:38 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: add9237adb1f756a8de3716ebcc537b0
SHA-1: 73b31f7277c3cfa91ebaf1481f4802d1fdd6129f
SHA-256: c84f8d675959a88d69c674f8b074864657408a269d59cab45e0f3e741f0a36ef
Risk score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file is a PDF rendered from a web page with wkhtmltopdf and carrying external /URI actions. The primary link, https://maypoin.ru/award?keyword=calculus+early+transcendentals+2nd+edition+pdf+reddit, is dressed up as a search result for a specific textbook PDF (an SEO lure); the remaining extracted URLs are PDF paths on free web-hosting subdomains (rf.gd, 22web.org, epizy.com, atwebpages.com and similar), filesusr.com, public S3 buckets and cdn.sqhk.co, which is consistent with a lure-document campaign rather than a single drop site. The ClamAV phishing signature is the strong signal; the ML classifier score of 0.5828 is only marginally on the malicious side and corroborates rather than drives the verdict. None of the listed heuristics flagged JavaScript, so the T1059.007 mapping is not supported by the evidence shown here; the observed tradecraft is a URI action that leads to a phishing or malware distribution site once the link is followed, which aligns with spearphishing attachment (T1566.001) tactics.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5828

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://maypoin.ru/award?keyword=calculus+early+transcendentals+2nd+edition+pdf+reddit
    • http://dilurijarejo.22web.org/66301715270.pdf
    • http://jevafurevozu.mygamesonline.org/stillwater_ok_drivers_license_testing.pdf
    • http://pobesegu.scienceontheweb.net/famous_positive_mindset_quotes.pdf
    • http://gewusoluxul.scienceontheweb.net/latest_banking_awareness_2020.pdf
    • http://vajogeboru.iblogger.org/philips_android_tv_airplay_2.pdf
    • https://cdn.sqhk.co/verexoleki/jckjbs6/53017352634.pdf
    • http://lisojuribopuwad.22web.org/sims_freeplay_gingerbread_house_template.pdf
    • https://cdn.sqhk.co/fumodolanes/if5jiY9/9111492726.pdf
    • https://cdn.sqhk.co/rexadiwixox/isVVPhb/tixiz.pdf
    • https://cdn.sqhk.co/wegabunuti/gdIiaNt/rotosajedizikosu.pdf
    • https://cdn.sqhk.co/vimewiki/jcNGicV/32861515125.pdf
    • https://s3.amazonaws.com/vitelitubovuluj/vulegawovawawifo.pdf
    • http://dowafirowelumex.atwebpages.com/what_is_chi_chi_drink.pdf
    • https://cd29ef07-728f-4a0b-b57b-23e770395c36.filesusr.com/ugd/f14cf6_faaf38e8bb6044aeb2fa7a536615ee6b.pdf?index=true
    • http://lofadezowudekeg.epizy.com/zilelibim.pdf
    • https://bbaef297-c986-4b42-acb3-0fd65605e280.filesusr.com/ugd/e9fc71_3dbe6d173da4414ca8df9bcea8b84ac0.pdf?index=true
    • https://c81c1a69-aec6-471c-ac34-7a6800eafc69.filesusr.com/ugd/9ef1ea_b3a486e6bc0544899dbe503605f3c46a.pdf?index=true
    • https://aa5f33e9-793b-4807-a257-9eac84d314d0.filesusr.com/ugd/aa57b2_17209d36627c49b8aa6a3bea41246786.pdf?index=true
    • http://jatomadot.rf.gd/animal_farm_vocabulary.pdf
    • http://bojuzafi.rf.gd/set_aside_prayer.pdf
    • https://s3.amazonaws.com/satuja/fojefiton.pdf
    • https://s3.amazonaws.com/gotitibekovi/marco_reus_injury_report.pdf
    • https://cd753cf5-d90a-4073-9c55-931a76e81761.filesusr.com/ugd/8826df_dc74db0765ce41e4b4205219228c8848.pdf?index=true
    • https://s3.amazonaws.com/fotojipifuzitul/javascript_interview_questions_answers_free_download.pdf
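The PDF_URI and EMBEDDED_URL heuristics above rest on pulling /URI actions out of the PDF object tree and recording which channel reaches each one. The script below is an added example of that triage step, not code from the scanner that produced this report. It runs on a constructed sample PDF (not the analysed file) whose URLs are borrowed from the list above, treats the free-hosting suffix watch-list as an assumption, and uses only the Python standard library. It distinguishes a /URI inside /OpenAction (fires when the file opens) from one behind a /Link annotation (needs a click), decodes hex-string URIs that defeat naive grepping, inflates Flate streams so object streams are not skipped, and reports whether any /JS key is present, which is the check that would justify or refute a T1059.007 mapping.

```python
"""Triage a PDF for external URI actions without rendering it or following any link."""
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# Constructed sample (not the analysed file): an uncompressed PDF with an
# /OpenAction that fires a /URI when the document opens, one /Link annotation
# with a literal-string URI and one whose URI is a hex string.
HEX_URL = "https://cdn.sqhk.co/rexadiwixox/isVVPhb/tixiz.pdf"
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R\n"
    b"   /OpenAction << /S /URI /URI (http://jatomadot.rf.gd/animal_farm_vocabulary.pdf) >> >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 700 300 720]\n"
    b"   /A << /S /URI /URI (https://maypoin.ru/award?keyword=calculus+early+transcendentals+2nd+edition+pdf+reddit) >> >>\nendobj\n"
    b"5 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 650 300 670]\n"
    b"   /A << /S /URI /URI <" + HEX_URL.encode().hex().encode() + b"> >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.DOTALL)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
LIT_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)  # /URI (literal)
HEX_URI_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")               # /URI <hex>
JS_RE = re.compile(rb"/(JS|JavaScript)\b")

# Assumed watch-list of free/bulk hosting suffixes, taken from the URLs in this
# report; in practice an analyst maintains this from their own telemetry.
FREE_HOST_SUFFIXES = ("rf.gd", "22web.org", "epizy.com", "atwebpages.com",
                      "mygamesonline.org", "scienceontheweb.net", "iblogger.org",
                      "filesusr.com", "s3.amazonaws.com", "sqhk.co")

def _unescape(raw: bytes) -> str:
    # PDF literal strings escape ( ) and \ with a backslash.
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")

def _unhex(raw: bytes) -> str:
    h = re.sub(rb"\s", b"", raw).decode("ascii")
    return bytes.fromhex(h + "0" if len(h) % 2 else h).decode("latin-1")

def _inflated_streams(data: bytes):
    # Object streams hide annotations inside Flate-compressed blobs; inflate
    # every stream that decompresses cleanly and scan it like a plain object.
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue

def _channel(body: bytes) -> str:
    if b"/OpenAction" in body:
        return "open_action"        # fires without a click when the file opens
    if JS_RE.search(body):
        return "javascript"
    if b"/Link" in body:
        return "link_annotation"    # needs the reader to click
    return "other"

def extract_uri_actions(data: bytes) -> list[dict]:
    """Return every /URI action with the object it lives in and how it is reached."""
    units = [(int(m.group(1)), m.group(3)) for m in OBJ_RE.finditer(data)]
    units += [(None, blob) for blob in _inflated_streams(data)]
    findings = []
    for num, body in units:
        urls = [_unescape(m) for m in LIT_URI_RE.findall(body)]
        urls += [_unhex(m) for m in HEX_URI_RE.findall(body)]
        for url in urls:
            findings.append({"obj": num, "channel": _channel(body), "url": url})
    return findings

def has_javascript(data: bytes) -> bool:
    """True if a /JS or /JavaScript key appears in the file or its inflated streams."""
    return bool(JS_RE.search(data) or any(JS_RE.search(b) for b in _inflated_streams(data)))

def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()

def on_free_host(url: str) -> bool:
    h = host_of(url)
    return any(h == s or h.endswith("." + s) for s in FREE_HOST_SUFFIXES)

def triage(data: bytes) -> dict:
    findings = extract_uri_actions(data)
    return {
        "uri_actions": len(findings),
        "auto_open_urls": [f["url"] for f in findings if f["channel"] == "open_action"],
        "javascript": has_javascript(data),
        "hosts": Counter(host_of(f["url"]) for f in findings),
        "free_host_urls": [f["url"] for f in findings if on_free_host(f["url"])],
    }

if __name__ == "__main__":
    for f in extract_uri_actions(SAMPLE_PDF):
        print(f"obj {f['obj']}: {f['channel']:16} {f['url']}")
    print(triage(SAMPLE_PDF))
```

To run it against a real sample, replace SAMPLE_PDF with the file's bytes; the script never renders the document or resolves a host, so it is safe to point at a live lure. The regex walk only sees objects whose syntax is intact, so when the object count looks too low for the file size, rebuild the xref and decompress with qpdf --qdf or walk it with pdf-parser.py before trusting a clean result.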