Malicious PDF — malware analysis report

Static analysis result for SHA-256 d9e2000a3bf4f935…

Verdict: MALICIOUS
File type: PDF
Size: 108.2 KB
Created: 2021-06-30 18:03:57 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-10-07
MD5: 37e6adad75b04eab5dd8fd3b4ed3d651
SHA-1: e76766a938f6bb5f4bdfc6697f9906b3ec4d5176
SHA-256: d9e2000a3bf4f935c0917170f0c25d43b4d2da6c42f696ad26f2421ae91d1558
Risk score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

ClamAV flags the file as a phishing PDF. The only external reference extracted from it is a /Link annotation whose /URI action points to https://medvor.ru/uplcv?utm_term=set+for+life+draw+1809; the lottery-themed utm_term ("set for life draw 1809") marks it as a tracked lure, and medvor.ru is the domain likely used for phishing or malware distribution. No other heuristic fired (no JavaScript, embedded file or launch action is reported), so the clickable link is the whole payload. The authoring application, wkhtmltopdf, renders HTML to PDF, which is consistent with a web lure converted into a document for delivery as a mail attachment (T1566.001).

Machine Learning

  • Nyx PDF Classifier: clean score 0.2136 (a low clean score, i.e. the model leans malicious)

Heuristics (3)

  • ClamAV detection [critical] CLAMAV_DETECTION
    ClamAV signature: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI [info] PDF_URI
    The PDF contains an external URL action (/URI).
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL label says which channel (macro, JavaScript, link annotation, document body, ...) reached it.
    URL: https://medvor.ru/uplcv?utm_term=set+for+life+draw+1809 (channel: PDF link annotation)
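How a link-annotation URI like the one above is recovered from a PDF, as an added example that is not part of this report or of the scanner that produced it: the script builds a constructed one-page PDF carrying a /Link annotation with a /URI action (with a made-up stand-in URL, not the medvor.ru one), once as a plain object and once packed into a Flate-compressed object stream, and extracts the URI from both. The second variant is the caveat a practitioner should keep in mind: `strings` or `grep` on the raw file shows no URL at all, so a triage tool has to inflate streams before concluding a document has no external links. All object numbers, the URL and the function names are assumptions made up for the example.

```python
"""Pull /URI actions out of a PDF, including ones hidden inside FlateDecode-compressed
object streams where a grep for the URL over the raw file would find nothing."""
from __future__ import annotations
import re
import zlib

# Value following a /URI key: literal string (...) with backslash escapes, or hex string <...>.
URI_RE = re.compile(rb'/URI\s*(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)', re.DOTALL)
# Stream bodies; the EOL before 'endstream' stays in the capture, zlib ignores trailing bytes.
STREAM_RE = re.compile(rb'stream\r?\n(.*?)endstream', re.DOTALL)
ESCAPES = {b'n': b'\n', b'r': b'\r', b't': b'\t', b'b': b'\b', b'f': b'\f',
           b'(': b'(', b')': b')', b'\\': b'\\'}


def decode_pdf_string(tok: bytes) -> str:
    """Decode a PDF literal string token '(...)' or hex string token '<...>' to text."""
    if tok.startswith(b'<'):
        digits = re.sub(rb'\s', b'', tok[1:-1])
        if len(digits) % 2:            # an odd trailing hex digit is padded with 0 per spec
            digits += b'0'
        return bytes.fromhex(digits.decode('ascii')).decode('latin-1')
    body, out, i = tok[1:-1], bytearray(), 0
    while i < len(body):
        if body[i:i + 1] != b'\\' or i + 1 == len(body):
            out += body[i:i + 1]
            i += 1
            continue
        octal = re.match(rb'[0-7]{1,3}', body[i + 1:])
        if octal:                      # \ddd octal escape
            out.append(int(octal.group(), 8) & 0xFF)
            i += 1 + len(octal.group())
        else:
            nxt = body[i + 1:i + 2]
            if nxt not in (b'\n', b'\r'):   # backslash-EOL is a line continuation: drop both
                out += ESCAPES.get(nxt, nxt)  # unknown escape keeps the char, loses the backslash
            i += 2
    return out.decode('latin-1')


def extract_uris(pdf: bytes) -> list[tuple[str, str]]:
    """Return (url, where) pairs.  where='raw' means the action is visible in the file bytes;
    where='inflated stream' means it only appeared after decompressing a FlateDecode stream
    (e.g. an /ObjStm that packs the annotation dictionary).  No xref parsing on purpose: a
    byte scan survives the broken cross-reference tables common in malicious PDFs."""
    hits = [(decode_pdf_string(m.group(1)), 'raw') for m in URI_RE.finditer(pdf)]
    for sm in STREAM_RE.finditer(pdf):
        try:
            data = zlib.decompress(sm.group(1))
        except zlib.error:
            continue                   # not Flate data; other filters are out of scope here
        hits += [(decode_pdf_string(m.group(1)), 'inflated stream')
                 for m in URI_RE.finditer(data)]
    return hits


def build_sample_pdf(url: str, hide_in_objstm: bool) -> bytes:
    """Constructed one-page PDF whose page carries a /Link annotation with a /URI action
    (the same channel the report flags).  With hide_in_objstm=True the annotation object is
    packed into a Flate-compressed /ObjStm, so the URL never appears in the raw bytes.
    No xref table is written; the scanner above does not need one."""
    esc = url.replace('\\', '\\\\').replace('(', '\\(').replace(')', '\\)').encode('latin-1')
    annot = (b'<< /Type /Annot /Subtype /Link /Rect [0 0 612 792] '
             b'/A << /S /URI /URI (' + esc + b') >> >>')
    objs = [(1, b'<< /Type /Catalog /Pages 2 0 R >>'),
            (2, b'<< /Type /Pages /Kids [3 0 R] /Count 1 >>'),
            (3, b'<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >>')]
    if hide_in_objstm:
        header = b'4 0 '               # ObjStm prologue: "objnum offset" pairs, offsets relative to /First
        packed = zlib.compress(header + annot)
        objs.append((5, b'<< /Type /ObjStm /N 1 /First %d /Length %d /Filter /FlateDecode >>\n'
                        b'stream\n' % (len(header), len(packed)) + packed + b'\nendstream'))
    else:
        objs.append((4, annot))
    out = b'%PDF-1.5\n'
    for num, body in objs:
        out += b'%d 0 obj\n' % num + body + b'\nendobj\n'
    return out + b'%%EOF\n'


def scan_samples() -> dict[str, list[tuple[str, str]]]:
    """Scan both constructed variants with the same made-up URL (not the report's real one)."""
    url = 'https://lure.example/uplcv?utm_term=set+for+life+(draw+1809)'
    return {name: extract_uris(build_sample_pdf(url, hide))
            for name, hide in (('plain', False), ('objstm', True))}


if __name__ == '__main__':
    for name, hits in scan_samples().items():
        for url, where in hits:
            print(f'{name:7s} {where:16s} {url}')
```

Run it directly to print the hits from both samples; on a real file, `extract_uris(open(path, 'rb').read())` returns the same (url, where) pairs, and the `where` column is a cheap stand-in for the per-URL channel label this report attaches. It deliberately handles only FlateDecode and literal/hex strings; other filters (LZW, ASCII85, ...) and cross-reference streams are left to a full parser such as pdf-parser.py or peepdf.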