Malicious PDF — malware analysis report

Static analysis result for SHA-256 e73a0d3e03e56461…

MALICIOUS

PDF

84.6 KB Created: 2021-03-15 02:24:10 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) First seen: 2021-11-25
MD5: 7e21b1026ce4910ec985bfcbbb32b64e SHA-1: ec2f20b5fb454cafdf30f914abc54a24ca8b8f26 SHA-256: e73a0d3e03e56461b823d07daad55725f814dece263642f5735bd1e7fd88174f
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains a link to a suspicious external URL. The document body, though heavily obfuscated, appears to be a lure related to 'Reglas de los caballeros templarios pdf'. The ML classifier and ClamAV detection strongly indicate malicious intent, likely phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8118

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://xajibur.ru/award?keyword=reglas+de+los+caballeros+templarios+pdf PDF link annotation
    • https://uploads.strikinglycdn.com/files/d1e97ea9-9648-46ab-b8ce-aa1711ab6af6/how_to_report_lawyer_misconduct.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.