Malicious PDF — malware analysis report

Static analysis result for SHA-256 c940a19e7ff3de29…

MALICIOUS

PDF

Size: 49.6 KB
Created: 2020-11-24 19:11:08 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: bdd182bdb6d57806626979cce291c151
SHA-1: 9d2ba1af70bdfe6471ab4ccba19dcd35dd9c865b
SHA-256: c940a19e7ff3de29039187db8118d4f8bddefa44ce31cf4d06fb76b72976ee36
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document detected as malicious by ClamAV (signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0) and by the Nyx ML classifier (score 0.9725). It contains an external URL action; the first extracted URL, https://trafficel.ru/aws?utm_term=similes+and+metaphors+worksheet+year+6, points to a suspicious domain and is most likely used to deliver a secondary payload or to phish. The utm_term value ("similes and metaphors worksheet year 6") and the heavily obfuscated body text indicate a lure posing as school educational material; the document was generated with wkhtmltopdf, i.e. rendered from an HTML page rather than authored in a PDF editor. The remaining extracted URLs point to further PDF files on public file-hosting and CDN services (f-static.net, weebly.com, strikinglycdn.com, s3.amazonaws.com).

Machine Learning

  • Nyx PDF Classifier malicious score 0.9725

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://trafficel.ru/aws?utm_term=similes+and+metaphors+worksheet+year+6
    • https://cdn-cms.f-static.net/uploads/4385014/normal_5f8d1e05515e3.pdf
    • https://wutiboduselojo.weebly.com/uploads/1/3/4/6/134665342/kosetegixobob.pdf
    • https://cdn-cms.f-static.net/uploads/4367000/normal_5fa327f938fdd.pdf
    • https://pidadilux.weebly.com/uploads/1/3/4/6/134666204/lorewuk.pdf
    • https://cdn-cms.f-static.net/uploads/4370064/normal_5f8e379f1b6c2.pdf
    • https://uploads.strikinglycdn.com/files/b8ca3c24-5095-4e5d-a6a6-5d5873141936/tojuziwebagilimi.pdf
    • https://s3.amazonaws.com/tipikaxe/84962970041.pdf
    • https://s3.amazonaws.com/goneduzum/nilutidazatogabefudelulo.pdf
    • https://uploads.strikinglycdn.com/files/b77aba70-06ef-4f65-a8fa-891b1b45a7a0/ronikoletufanadikusoweto.pdf
    • https://uploads.strikinglycdn.com/files/009867c0-dd8f-461f-b458-00b07d1ac8a1/lefuwomisij.pdf
    • https://s3.amazonaws.com/fibesezati/tawiranigip.pdf
    • https://uploads.strikinglycdn.com/files/4cb8580e-49e4-401c-9558-76cf4c8466f6/rejanirotijafoda.pdf
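To show how the PDF_URI and EMBEDDED_URL heuristics above can be reproduced offline, here is an added example; it is not code from the analyser that produced this report and not from the sample itself. It is a small Python triage scanner that walks the PDF objects, pulls /URI action targets out of object dictionaries (literal and hex string forms), inflates FlateDecode streams and regex-extracts URLs from them, and reports each URL with the channel that carried it. The PDF it runs on is constructed inline: it reuses two URLs from the list above as sample targets, and everything else (object layout, page text) is made up for the example. It is a regex scanner, not a full PDF parser, so object streams, encrypted files and non-Flate filters are out of scope.

```python
import re
import zlib

# Raw-byte patterns for a triage scan. PDF keys are ASCII even in binary files, so a
# regex over the raw bytes finds /URI actions without a full object parser.
OBJ = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)  # /URI (literal string)
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")                # /URI <hex string>
URL = re.compile(rb"https?://[^\s<>()\"'\\]+")


def unescape_literal(raw: bytes) -> bytes:
    """Undo the PDF literal-string escapes that can appear in a URL: \\( \\) and \\\\."""
    return re.sub(rb"\\([()\\])", rb"\1", raw)


def decode_hex(raw: bytes) -> bytes:
    """Decode a PDF hex string; an odd trailing digit is padded with 0 as the spec says."""
    digits = re.sub(rb"\s", b"", raw)
    if len(digits) % 2:
        digits += b"0"
    return bytes.fromhex(digits.decode("ascii"))


def inflate(data: bytes) -> bytes:
    """Inflate a FlateDecode stream, keeping whatever decodes if the stream is truncated."""
    try:
        return zlib.decompress(data)
    except zlib.error:
        try:
            return zlib.decompressobj().decompress(data)
        except zlib.error:
            return data  # corrupt stream: the URL regex still runs over the raw bytes


def scan(pdf: bytes) -> dict:
    """Return URLs grouped by channel: a /URI action, a content stream, or any other
    place in an object dictionary. Matching 'endobj' inside binary stream data is
    theoretically possible but does not happen in practice for triage."""
    found = {"uri_action": set(), "stream": set(), "other": set()}
    for obj in OBJ.finditer(pdf):
        body = obj.group(3)
        sm = STREAM.search(body)
        header = body[: sm.start()] if sm else body
        # /URI actions live in the dictionary part, never inside the stream data.
        actions = {unescape_literal(m.group(1)) for m in URI_LITERAL.finditer(header)}
        actions |= {decode_hex(m.group(1)) for m in URI_HEX.finditer(header)}
        found["uri_action"] |= {a.decode("latin-1") for a in actions}
        for m in URL.finditer(header):
            url = m.group(0).decode("latin-1")
            if url not in found["uri_action"]:
                found["other"].add(url)
        if sm:
            data = inflate(sm.group(1)) if b"/FlateDecode" in header else sm.group(1)
            found["stream"] |= {m.group(0).decode("latin-1") for m in URL.finditer(data)}
    return found


def build_sample_pdf() -> bytes:
    """Constructed sample (not the analysed file): one page with a /Link annotation whose
    /A action is /S /URI, plus a FlateDecode content stream whose text mentions a second
    URL. Both URLs are taken from the report's extracted-URL list."""
    text = b"BT /F1 12 Tf 72 700 Td (see https://cdn-cms.f-static.net/uploads/4385014/normal_5f8d1e05515e3.pdf) Tj ET"
    packed = zlib.compress(text)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed) + packed + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (https://trafficel.ru/aws?utm_term=similes+and+metaphors+worksheet+year+6) >> >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_pos)
    return bytes(out)


if __name__ == "__main__":
    for channel, urls in scan(build_sample_pdf()).items():
        for url in sorted(urls):
            print(f"{channel:10s} {url}")
```

Run it against a real sample with `scan(open(path, "rb").read())`; a URL in the uri_action set is what a PDF_URI-style heuristic fires on, while a URL only in the stream set reached the document through page text and needs the reader to act on it.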