PDF malware analysis — malicious · e8c394c82043bdb1

MALICIOUS

PDF

55.8 KB Created: 2021-08-03 17:51:02 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)

MD5: 93e74d35c6a7167f2dba67c034fd732f SHA-1: 0f76cabcc461fb5d5f1b3b35300f68eeb1b5dc32 SHA-256: e8c394c82043bdb17076eec31811490de8e604e45578c66314427f60b10f18b3

114 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF was identified as malicious by ClamAV and a machine learning classifier. Heuristics indicate it's an image-only document designed as a lure, containing a clickable link. The embedded URL, though marked as benign, is part of the attack chain. No scripts were extracted, limiting the analysis of the payload.

Machine Learning

Nyx PDF Classifier malicious score 0.5063

Heuristics 4

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 55 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/skout/mBVl/~3/LPIa9PGmDLg/uplcv?utm_term=addition+and+subtraction+of+polynomials+worksheet+1+answers

Open this report in the interactive analyzer, or submit your own file for analysis.