Malicious PDF — malware analysis report

Static analysis result for SHA-256 ce9e084de3083632…

MALICIOUS

PDF

Size: 59.9 KB
Created: 2021-02-28 16:28:40 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-15
MD5: 8e00f6bc2789526dc2f5fca000149fc2
SHA-1: 9c072a592e41eee0c90e35ca82ead63450b063e3
SHA-256: ce9e084de3083632d68054c2b5993e794916e0c831766ea3f7a61d6129c1e359
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, with a specific detection name indicating phishing and trojan characteristics. The presence of an external URI pointing to 'druttle.ru' suggests a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF format and the nature of the detected threat imply potential for embedded malicious JavaScript or other exploit mechanisms.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9952

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://druttle.ru/award?keyword=the+secret+rhonda+byrne+movie+trailer (PDF link annotation)
    • https://cdn.sqhk.co/pifizumux/ehijgii/republique_dominicaine_visa.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4482880/normal_5ffcd188ec148.pdf (in PDF document text)
    • http://simopuvoramawu.mywebcommunity.org/dirt_devil_featherlite_bagless_upright_vacuum_belt_size.pdf (in PDF document text)
    • http://bulakirip.getenjoyment.net/description_of_a_stormy_sea.pdf (in PDF document text)
    • https://cdn.sqhk.co/ripigopes/IhchhMH/rumevowumewowedumu.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4425913/normal_5feb289121ec0.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4488842/normal_601ab73aca93b.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4379987/normal_5ffa93b78f94c.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4417653/normal_5fccb68289c3e.pdf (in PDF document text)
    • http://pevurevakube.rf.gd/43798648721.pdf (in PDF document text)
    • https://s3.amazonaws.com/litunux/13091378759.pdf (in PDF document text)
    • http://lojabupabavize.onlinewebshop.net/piriformis_syndrome_exercises_and_stretches.pdf (in PDF document text)
    • http://zubiluwetij.myartsonline.com/first_90_days_in_leadership_role.pdf (in PDF document text)
    • http://tafiwepamubov.atwebpages.com/87226026139.pdf (in PDF document text)
    • https://s3.amazonaws.com/zufojadibi/balancing_chemical_equations.pdf (in PDF document text)
    • https://s3.amazonaws.com/numunenoji/vamumokazunuludefalopevi.pdf (in PDF document text)
    • http://vugikalijuboxo.epizy.com/77580785459.pdf (in PDF document text)
    • http://vokesakogo.onlinewebshop.net/85968888163.pdf (in PDF document text)
    • https://s3.amazonaws.com/rijaliwiguvex/15072883625.pdf (in PDF document text)
    • http://lurorozowuwa.rf.gd/91852525933.pdf (in PDF document text)