Malicious PDF — malware analysis report

Static analysis result for SHA-256 e80cc4f202449f45…

Verdict: MALICIOUS
File type: PDF
Size: 66.6 KB
Created: 2021-05-03 20:14:21 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: ae5155ab1f8f4d36e38f9aa47de224bb
SHA-1: 8f7cbdb3af5af3384510f8edec9d9cfdb0fa0df1
SHA-256: e80cc4f202449f4593c139f7ddc91f41c2ed7bdaf237d9933597062504a91ca3
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as a malicious PDF by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The embedded URLs suggest a phishing or malware distribution scheme, likely attempting to trick users into downloading further malicious content. No scripts were extracted, but the PDF structure and heuristics point towards a phishing lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.7653

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware under the signature named above.
  • External URI [info, PDF_URI]
    The PDF contains an external URL action.
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.