Malicious PDF — malware analysis report

Static analysis result for SHA-256 d88d86cd476f3e3e…

MALICIOUS

PDF

Size: 64.0 KB
Created: 2021-04-11 19:24:57 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-18
MD5: 1c9525e17bdd8e3b077d75f60bb06718
SHA-1: 3bbfc65f96dc61e35405a458ff001e4635c26e9c
SHA-256: d88d86cd476f3e3ee894c78154a19ba28121a90654d04562e16d5389d4592f54
Risk Score: 94

Malware Insights

MITRE ATT&CK: T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URI pointing to an external URL. ClamAV detected this file as a phishing trojan. While no scripts were extracted, the presence of an external URI and the heuristic firings suggest a phishing or malware distribution attempt, likely initiated via a spearphishing attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6873

Heuristics (3)

  • ClamAV detection (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (severity: info, tag: PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://feedproxy.google.com/~r/Uplcv/~3/zMnd8XtcwSM/uplcv?utm_term=esculturas+de+barro (channel: PDF link annotation)