PDF malware analysis — malicious · d04315b9bb05298a

MALICIOUS

PDF

52.5 KB Created: 2021-09-02 00:03:17 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-14

MD5: 8e05342d177ec7f2e1b2478f9dd487d2 SHA-1: 8e639fd567d33bdf06e48ef5cde328cb118a2673 SHA-256: d04315b9bb05298a50eaec82d205bcf3cf80e7abcefd573eb7685254e43b8e93

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to a suspicious URL, which is a common tactic for phishing or distributing further malicious content. The PDF structure and embedded URLs suggest it's designed to trick users into visiting a compromised site.

Machine Learning

Nyx PDF Classifier malicious score 0.8717

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://cructi.ru/uplcv?utm_term=starry+night+step+by+step+drawing PDF link annotation
- https://www.fyna.com.au/application/third_party/ckfinder/userfiles/files/55854851313.pdfIn PDF document text
- http://netpost.vn/upload/userfiles/files/20384602787.pdfIn PDF document text
- https://leunamgroup.com/wp-content/plugins/super-forms/uploads/php/files/fe8e2004a6e74e48570ebf168dbe7e51/mizisozazunemisiwokiw.pdfIn PDF document text
- http://rethabise.co.za/wp-content/plugins/formcraft/file-upload/server/content/files/160b255e34a397---32238951667.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.