Malicious PDF — malware analysis report

Static analysis result for SHA-256 ea3fcee58a1bfe87…

MALICIOUS

PDF

41.6 KB Created: 2020-12-24 07:19:58 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 431c97e3e7858e89ce6d36d40e1c2ab8 SHA-1: acf932d2a83d53e680e115d9c09362cdc46fe465 SHA-256: ea3fcee58a1bfe8707b62569a29221e985edb6adbf18d69e2120dab7f8d8aa4a
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URI pointing to a suspicious domain, traffset.ru. The ClamAV detection and ML classifier indicate malicious intent, likely phishing or trojan activity. The document body, though heavily obfuscated, suggests a 'car logo quiz game answers' lure, which is a common pretext for phishing attacks.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7403

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://traffset.ru/aws?utm_term=car+logo+quiz+game+answers
    • https://cdn.sqhk.co/papusabefo/eigpjdg/drive_hill_mod_apk_download.pdf
    • https://cdn-cms.f-static.net/uploads/4382004/normal_5fb3006cb07af.pdf
    • https://static.s123-cdn-static.com/uploads/4409107/normal_5fdd203a18679.pdf
    • https://s3.amazonaws.com/pazifetanegapu/compuestos_inorganicos_en_la_vida_cotidiana.pdf
    • https://s3.amazonaws.com/sezewu/gekesajeruviwewosonefujim.pdf
    • https://s3.amazonaws.com/tixedujegibex/85525258814.pdf
    • https://s3.amazonaws.com/jonora/easiest_ap_classes_to_self_study.pdf
    • https://uploads.strikinglycdn.com/files/79ff34af-8c83-4ca8-af66-46127316c59e/bontrager_radiographic_positioning_p.pdf
    • https://uploads.strikinglycdn.com/files/02f48d97-02da-4714-8f82-044dc638bd48/wabakunujeb.pdf
    • https://uploads.strikinglycdn.com/files/7db193c9-12c3-4e3a-b6b0-2d2b9a26703f/59486116036.pdf
    • https://uploads.strikinglycdn.com/files/a4453bb1-60a2-4829-80b1-6e3f920dbd44/wsfcs_afm_pacing_guide.pdf
    • https://s3.amazonaws.com/rozebofukixus/zirefozar.pdf
    • https://uploads.strikinglycdn.com/files/1a7829d4-6baf-45c2-9857-1225d2c08a1a/1462421850.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.