PDF malware analysis — malicious · df755ed0b7598b5a

MALICIOUS

PDF

141.5 KB Created: 2021-06-12 10:31:29 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-10-05

MD5: 28fe0e93e7bddfe34909d184d28c4f70 SHA-1: ac86afa4c528e7ee9b58bd0bef1e48ed0f283dea SHA-256: df755ed0b7598b5a28552ac4c52b2d404bdf13b87d2581f122ad3b8a584f048c

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a specific signature indicating it is a phishing trojan. It contains an embedded URI pointing to a suspicious domain, which is likely used to host phishing content or download further malicious payloads. The document body, though heavily obfuscated, contains metadata suggesting it was generated by wkhtmltopdf, and the embedded URL's query parameter relates to a movie release date, indicating a social engineering lure.

Machine Learning

Nyx PDF Classifier suspicious score 0.2708

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://drafthe.ru/uplcv?utm_term=frozen+2+tv+release+date PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.