Malicious PDF — malware analysis report

Static analysis result for SHA-256 e69c7517934f751d…

MALICIOUS

PDF

Size: 76.3 KB
Created: 2021-03-23 18:01:52 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 3b66f0fbe1c18b0e8db5e0cacc399056
SHA-1: 4fe7c7c113bf034f374230c6be0c99739a756c1c
SHA-256: e69c7517934f751de178c5f010d95bb12cba532cb56b5950c0cc91cd67d22254
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The file is a PDF document that contains a URL disguised as a search result. The ML classifier and ClamAV detection strongly indicate malicious intent, likely phishing or trojan delivery. The embedded URL points to a suspicious domain, suggesting the document's primary purpose is to redirect users to a malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8403

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://kuzutuzo.ru/award?keyword=best+pdf+annotation+app+for+mac