Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0fce07dcf496745…

MALICIOUS

PDF

Size: 65.6 KB | Created: 2021-03-23 00:41:22 +02:00 | Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5e83dc15f389e1d1f8b2308e112f4a4a SHA-1: 3d27e9727a74f687a95a1b7d7c6d3208c9f8376b SHA-256: d0fce07dcf4967451bc8c88dfd665312d4055a62ba69c4e3a81c8bad0f5dd592
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URL disguised as a product review. The ClamAV detection and the ML classifier both indicate malicious intent; the link most likely redirects the user to a phishing or malware distribution site. The embedded URL is the primary indicator of this malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8638

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://dugedepap.ru/aws?utm_term=garmin+etrex+10+handheld+gps+review