Malicious PDF — malware analysis report

Static analysis result for SHA-256 cea590c16d65a088…

MALICIOUS

PDF

Size: 57.1 KB
Created: 2021-06-02 23:56:11 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: b0126e87e70c43f8a029bcf758e84107
SHA-1: 14d091f669538def3c6f90f1990bb3de6e3cc3fe
SHA-256: cea590c16d65a088bb1c5e056c273f1c26dd2293e4935a6f8f6d441212e9eec5
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The embedded URL points to a suspicious domain, suggesting it is used for phishing or to serve a second-stage payload. The document body, though heavily obfuscated, contains text related to a search query, which is a common lure tactic.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9084

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://coretry.ru/pbw?utm_term=how+many+cups+is+32+ounces+of+cream+cheese