Malicious PDF — malware analysis report

Static analysis result for SHA-256 d8e69f63fc90fd66…

Verdict: MALICIOUS

File type: PDF

Size: 68.1 KB
Created: 2021-03-31 14:46:33 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-18

MD5: e338291cbb9ef43a4b17642a3b83a413
SHA-1: e9754470405884d8e81e04f569b88e5bbe1d22a0
SHA-256: d8e69f63fc90fd6635244735bf77a9674688cf260e8bccb18f85ed20a35cc95d

Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8239

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000ec70.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xEC70
Size: 5352 bytes
SHA-256: 3746acde168f163f86de28e1c6bbeae65b5409da1a259c52c713499781c2a9a6