PDF malware analysis — malicious · d14afd52193fa99a

MALICIOUS

PDF

47.7 KB Created: 2021-10-13 20:09:15 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-11-25

MD5: 550125b00a143a851935a2ad9a182f23 SHA-1: db66e579705f0f8e1737effa71b8cb3003a5fdfb SHA-256: d14afd52193fa99a0af4945b61017e9c90bdf38ee8805fbe7b579567d394f45e

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is a PDF document that has been flagged by multiple detection engines as malicious, specifically identified as a phishing trojan. It contains embedded URIs that point to external websites, suggesting an attempt to redirect the user to malicious content. While no scripts were explicitly extracted, the PDF structure and heuristic firings indicate a phishing or malicious content delivery attempt.

Machine Learning

Nyx PDF Classifier malicious score 0.5562

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://bitree.net/ckfinder/userfiles/files/88514244615.pdf In PDF document text
- http://sanmorales.es/userfiles/fiIn PDF document text
- https://feedproxy.google.com/~r/Gsjc/~3/1hHberoKktI/uplcv?utm_term=viceland+the+therapistPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.