Malicious PDF — malware analysis report

Static analysis result for SHA-256 d7741dc82ea59feb…

Verdict: MALICIOUS
File type: PDF
Size: 59.7 KB
Created: 2021-05-12 01:01:58 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 00d766d452b31e196db77316bfdaca88
SHA-1: 2b0a8edf8f3dc61c082fad8e5149ff39bb479cb3
SHA-256: d7741dc82ea59feb1d01529218257c880fd9a67a278f2355e3c241bb315a32ad
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, specifically as a phishing trojan. The embedded URL and the document's apparent theme suggest a social engineering lure to trick users into downloading further malicious content. No scripts were extracted, but the PDF structure itself likely contains exploit code or redirects.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9433

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://allytemp.ru/uplcv?utm_term=dmv+driving+test+questions+and+answers
    • https://www.lightingdynamics.com/wp-content/plugins/super-forms/uploads/php/files/5f8d57391c604fecbb4c3269bc06860d/96946231210.pdf
    • https://www.msolartop.cz/wp-content/plugins/formcraft/file-upload/server/content/files/1606d7f4961cb3---7131181932.pdf
    • https://www.icslights.com/wp-content/plugins/super-forms/uploads/php/files/4d27c3b78809930e2862277943841148/fisalev.pdf
    • https://arihantgranites.in/wp-content/plugins/super-forms/uploads/php/files/1rn3171ikl0s9e99n19pdo5bp4/zudalizef.pdf
    • https://pensionatiitalianiinportogallo.it/wp-content/plugins/super-forms/uploads/php/files/c1f1f5702f06dfdd11080415116ed9e9/3457495357.pdf
    • http://www.garriagricola.com/wp-content/plugins/formcraft/file-upload/server/content/files/1607ab2547c5ee---85472182487.pdf
    • https://xn--80aaaglcftt5alesfkk7f.xn--p1ai/wp-content/plugins/super-forms/uploads/php/files/b685d34015347442e6ce959106eb1326/sefabuvunafa.pdf
    • https://grafitpoint.ru/wp-content/plugins/super-forms/uploads/php/files/2e069ef24de8ff90c0d12727dc32c21a/gilekefisiborinodoru.pdf
    • http://securitydirect.it/wp-content/plugins/super-forms/uploads/php/files/c9465c105be0f68aeab14695d33324e4/rivisufen.pdf
    • http://accurateverdicts.com/wp-content/plugins/formcraft/file-upload/server/content/files/16085b907b8869---55833353346.pdf
    • http://www.kocay.com.tr/wp-content/plugins/formcraft/file-upload/server/content/files/160922bfd4b144---vulawikaxuvekenizibabove.pdf
    • https://xn--i1aam8cb.xn--p1ai/wp-content/plugins/super-forms/uploads/php/files/b325e79c11a98771f4fb3cf7923c968b/74388514054.pdf
    • http://halvani.com/wp-content/plugins/formcraft/file-upload/server/content/files/160773e0b96b32---63471638486.pdf
    • https://wacee.net/wp-content/plugins/formcraft/file-upload/server/content/files/1607a6328cdabe---49254033458.pdf
    • https://www.pietri-automobiles.com/wp-content/plugins/super-forms/uploads/php/files/vfkiu5qlf9uj59csg0ekfdfvm4/82585289535.pdf