Malicious PDF — malware analysis report

Static analysis result for SHA-256 c981f0d913ba3f2f…

Verdict: MALICIOUS
File type: PDF
Size: 61.3 KB
Created: 2021-04-01 18:22:08 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 991c988e22cab3e76e761597425947a6
SHA-1: 7d06949e0c08e9a4dd1e2554da4dd5e2fbbe9ead
SHA-256: c981f0d913ba3f2ff01428bce2fe8dc173d2210de1ff6cf1b5d4a4240d0f72d3
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document identified as malicious by ML classifiers and ClamAV. It contains an embedded URI pointing to 'fokemale.ru', disguised as a Barclays online statement, indicating a phishing or credential-harvesting attempt. The presence of embedded URLs and the nature of the detection suggest that it is designed to trick users into visiting malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9400

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://fokemale.ru/award?keyword=barclays+online+statement+pdf+password
    • http://roskycnmx.com/1_4_tazas_de_harina_en_gramosl8xo2.pdf
    • http://kimugifogetami.medianewsonline.com/ribalepomomen.pdf
    • http://lazujifoxupa.getenjoyment.net/what_happens_if_phone_battery_is_overcharged.pdf
    • http://nitapida.mywebcommunity.org/history_of_computer_download.pdf
    • http://cocobuka3.xyz/what_is_i_according_to_carl_rogers_theory_of_personalitytd6rm.pdf
    • http://lestyprin.online/mojixipanalcvgiq.pdf
    • http://bixekakazozerol.mywebcommunity.org/alter_ego_plus_a1_cahier_d_activits.pdf
    • http://vowuzemiru.medianewsonline.com/32797516063.pdf
    • http://xovijezup.mywebcommunity.org/dokisuzoxenuxigozabem.pdf
    • http://vepenuvix.mygamesonline.org/programa_festival_internacional_cervantino_2020.pdf
    • http://idealica-ituficiale.website/fufarikanms005.pdf
    • http://7gusevshop.website/pexesndhuw.pdf
    • http://naykaryadom.fun/etude_e_major_chopin_sheet_musicpqr8o.pdf
    • http://giftcard-sale.store/sled_driver_brian_shul5eqpy.pdf
    • https://uploads.strikinglycdn.com/files/5c3bdaf2-dc85-4cf3-a839-b7bf1773b93d/3483333868.pdf
    • https://uploads.strikinglycdn.com/files/10c4d41c-c7d1-4190-a6a7-6bbfc36c9690/53997171829.pdf
    • https://uploads.strikinglycdn.com/files/7377a49e-99dc-402a-96f6-b1d8bf42a957/what_are_the_social_problems_in_the_united_states.pdf
    • https://uploads.strikinglycdn.com/files/d1e78ebd-aaa0-4218-8866-cded374b17f9/english_idioms_with_meanings_in_hindi.pdf
    • http://gevejonitu.onlinewebshop.net/dell_1907fpt_specifications.pdf
    • http://sazebufaz.atwebpages.com/gasuzulovamit.pdf