Malicious PDF — malware analysis report

Static analysis result for SHA-256 ca73338ff970afb3…

MALICIOUS

PDF

39.4 KB Created: 2021-04-02 01:00:52 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: b967ca68ee096005f64d242ef6a5c2cb SHA-1: 7f90e78602ab36c867b0fe83aa26b131a7866174 SHA-256: ca73338ff970afb336f7119548917d8ba6de8da64808959ffb8de005fcaa4ec5
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF is classified as a phishing lure: it is small (39 KB), carries a single image and no text blocks, and contains a click-outward URI action, the typical shape of a full-page screenshot that hides a clickable link. The embedded URL `https://baarspo.ru/award?keyword=new+international+business+english+pdf+free+download` is the primary indicator of malicious intent; it most likely leads to a phishing page or a malware download rather than the document the lure promises. The remaining extracted URLs share the same shape (randomly named .pdf files on throwaway domains and on shared hosting such as filesusr.com and s3.amazonaws.com), consistent with one "free PDF download" lure campaign. ClamAV and the ML classifier also flag the file as malicious, reinforcing the phishing/trojan classification.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8359

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 39 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • https://baarspo.ru/award?keyword=new+international+business+english+pdf+free+download
    • http://groby-ritual.online/7888962475tcmlc.pdf
    • http://reduslim-italia.website/dadizopejomejexozikuwfnm70.pdf
    • https://cdn.sqhk.co/tofigidukug/gmhb5ha/18938730760.pdf
    • http://wbigs.space/tabla_de_pulgadas_a_mm6d46y.pdf
    • https://cdn.sqhk.co/gufojakig/jjiaghz/listen_nursery_rhymes_online_free.pdf
    • http://akillidestekbasvuruformu.online/real_drift_pc_game_free_downloadrrq0x.pdf
    • https://cdn.sqhk.co/salenasova/2jahdNu/telepojugul.pdf
    • https://cdn.sqhk.co/rokogikapo/ijhihda/super_stick_fight_times.pdf
    • https://cdn.sqhk.co/naxupowu/hfZdheO/gopototozolebepu.pdf
    • http://rubisteq.online/sloan_flushmate_parts_list3kv5i.pdf
    • https://s3.amazonaws.com/posufij/chomsky_competence_and_performance.pdf
    • https://s3.amazonaws.com/tulosa/drowning_guide_rock_ne.pdf
    • https://7b806e58-2e0f-4c22-b5e1-e0f71c4d6e86.filesusr.com/ugd/8da65f_2dd3007c7887457794110d18370a2bd9.pdf?index=true
    • https://e028ba52-6c86-493e-86b7-fecf7cd1c3eb.filesusr.com/ugd/bcb9fd_772b9896c67b433aae8ab661d2858741.pdf?index=true
    • https://945c5b1a-9feb-4a08-b72d-c905ca1b1520.filesusr.com/ugd/27135d_9ca515b254d7459398f41073a9b2d6eb.pdf?index=true
    • https://f8d82b49-d438-4da2-b906-f876cb6fe635.filesusr.com/ugd/12dc78_a3687f26bb4c4c70bf0c5b7ae2a3d7ea.pdf?index=true
    • https://s3.amazonaws.com/kakekojezutok/sulugugagevawo.pdf
    • https://070488ba-e3d9-4c74-834b-445551f5513c.filesusr.com/ugd/fb83f1_751c789a67304f45aeb74b79734445ef.pdf?index=true
    • https://18b09f4e-de4d-4c1b-9fe6-be55c63b1c00.filesusr.com/ugd/cd81e9_9616775555a54d2a974b32b3717a3bb0.pdf?index=true
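As an added example (not part of this report and not the code of the scanner that produced it), the following Python triage script extracts the features behind the PDF_IMAGE_LURE and EMBEDDED_URL heuristics above: the number of image XObjects, the number of BT/ET text blocks in decoded content streams, whether any click-outward action (/URI, /Launch, /SubmitForm, /GoToR) is present, and every URL together with the channel that reached it (a /URI action versus the document body). It builds its own constructed one-page PDFs inline so it runs offline; the 200 KB size threshold, the channel names and the `make_pdf` helper are assumptions of this example, and the regex-based parsing is deliberately lenient triage logic rather than a full PDF parser.

```python
import re
import zlib

# Assumed threshold for "small" lures; chosen for this example only.
MAX_LURE_SIZE = 200 * 1024
OUTWARD_ACTIONS = (b"/URI", b"/Launch", b"/SubmitForm", b"/GoToR")

# One "N G obj << dict >> stream ... endstream" unit. The tempered dot
# (?:(?!endobj).)*? stops the dict from spilling across an earlier object.
STREAM_RE = re.compile(
    rb"\d+\s+\d+\s+obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n(.*?)\r?\nendstream",
    re.DOTALL,
)
URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")   # /URI key with literal string
BODY_URL_RE = re.compile(rb"https?://[^\s()<>\"']+")  # URLs typed into page content
IMAGE_RE = re.compile(rb"/Subtype\s*/Image\b")
TEXT_BLOCK_RE = re.compile(rb"(?<![A-Za-z])BT(?![A-Za-z])")  # BT starts a text object


def _decode_streams(data):
    """Yield (dict_bytes, body) for every stream, inflating FlateDecode bodies."""
    for m in STREAM_RE.finditer(data):
        d, body = m.group(1), m.group(2)
        if b"/FlateDecode" in d:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # keep raw bytes; a damaged stream is itself worth noting
        yield d, body


def analyze_pdf(data):
    """Return the lure features for one PDF as a dict."""
    text_blocks, decoded, urls = 0, [], {}
    for d, body in _decode_streams(data):
        decoded.append(body)
        if IMAGE_RE.search(d) or b"/ObjStm" in d:
            continue  # pixel data / packed objects are not page content
        text_blocks += len(TEXT_BLOCK_RE.findall(body))
        for u in BODY_URL_RE.findall(body):
            urls.setdefault(u.decode("latin-1"), set()).add("body")
    # Scan raw bytes plus decoded streams so objects packed in /ObjStm are seen.
    haystack = data + b"\n".join(decoded)
    for u in URI_ACTION_RE.findall(haystack):
        urls.setdefault(u.decode("latin-1"), set()).add("uri_action")
    images = len(IMAGE_RE.findall(haystack))
    outward = any(a in haystack for a in OUTWARD_ACTIONS)
    lure = images >= 1 and text_blocks == 0 and outward and len(data) <= MAX_LURE_SIZE
    return {"size": len(data), "images": images, "text_blocks": text_blocks,
            "outward_action": outward, "urls": urls, "is_image_lure": lure}


def make_pdf(content, image=True, uri=None, compress=False):
    """Assemble a minimal one-page PDF (constructed test input, not the sample
    from the report). No xref table: lenient readers and this scanner skip it."""
    stream = zlib.compress(content) if compress else content
    filt = b" /Filter /FlateDecode" if compress else b""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R"
        + (b" /Resources << /XObject << /Im0 5 0 R >> >>" if image else b"")
        + (b" /Annots [6 0 R]" if uri else b"") + b" >>",
        b"<< /Length %d%s >>\nstream\n%s\nendstream" % (len(stream), filt, stream),
        (b"<< /Type /XObject /Subtype /Image /Width 1 /Height 1 /ColorSpace /DeviceGray"
         b" /BitsPerComponent 8 /Length 1 >>\nstream\n\x00\nendstream") if image else b"null",
        (b"<< /Type /Annot /Subtype /Link /Rect [0 0 612 792]"
         b" /A << /S /URI /URI (%s) >> >>" % uri) if uri else b"null",
    ]
    out = b"%PDF-1.4\n"
    for n, body in enumerate(objs, 1):
        out += b"%d 0 obj\n%s\nendobj\n" % (n, body)
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# Constructed samples: a full-page image with a URI link (lure shape, content
# stream Flate-compressed as real writers do) and a plain text page with a URL
# typed into the body (benign shape).
LURE_PDF = make_pdf(b"q 612 0 0 792 0 0 cm /Im0 Do Q", image=True,
                    uri=b"https://example.invalid/award?keyword=lure", compress=True)
TEXT_PDF = make_pdf(b"BT /F1 12 Tf 72 700 Td (See https://example.invalid/form) Tj ET",
                    image=False)

if __name__ == "__main__":
    for name, pdf in (("lure", LURE_PDF), ("text", TEXT_PDF)):
        print(name, analyze_pdf(pdf))
```

The lure verdict needs all four features together: a lone image XObject is how every scanned invoice looks, and a /URI action is how every hyperlinked brochure looks. Inline images (BI/ID/EI) and hex-encoded /URI strings are not handled here and would need a real parser such as pdfminer or pypdf before this logic is used on untrusted input at scale.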