Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb896e5f620daabd…

Verdict: MALICIOUS
File type: PDF
Size: 252.2 KB
Created: 2022-06-15 15:12:17 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
MD5: 267b1a9376c24ca7a8668c2928ae65ea
SHA-1: c0a043f7df8385bb10d97e29a8e10804fcdfa11e
SHA-256: cb896e5f620daabd0c577528229232ea4e81b8eff8d8cfacb210129dd2187e40
Risk score: 70

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

ClamAV identifies the file as a malicious PDF, specifically as Pdf.Phishing.Trojan. It contains an embedded JavaScript stream and an external URI action pointing to a suspicious domain, indicating a phishing attempt. The PDF likely exploits a vulnerability or relies on social engineering to redirect the user to that URL, with the aim of stealing credentials or delivering further malware.

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action.
    URL: https://colod.co.za/XSRYdR1H?utm_term=pignon+cremaillere+dimensionnement+pdf++full

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00037421.bin
    SHA-256: a75061cd4da298547dd56c94984293d80a7e1b2b0efb88dbe2f7c14875ffd02f
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x37421
    Size: 11064 bytes
  • Filename: font_01_sfnt_off00038db8.bin
    SHA-256: 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x38DB8
    Size: 16792 bytes
  • Filename: font_02_sfnt_off0003a5ca.bin
    SHA-256: de7726a25d183ab06b388d58608c9449ec7162af50735f6b8070060c1de8d359
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x3A5CA
    Size: 22480 bytes