Malicious PDF — malware analysis report

Static analysis result for SHA-256 ebc74d043573e5fb…

MALICIOUS

PDF

76.5 KB Created: 2021-08-18 21:05:37 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-11-23
MD5: 4962c898512b0d9aa59f77aabaf57c90 SHA-1: 8065a8e97e8df0d6d53009aab5c1b046f1a227cf SHA-256: ebc74d043573e5fbda839d8a7f06c957a80630e0f4ce1e410ea43eaed0580e95
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a phishing and trojan detection. It contains embedded URLs that lead to potentially malicious PDF files, suggesting an attempt to trick users into downloading further malware. The PDF structure and embedded URIs indicate a phishing lure, likely delivered as an attachment.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.4081

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://dobrejaja.com/Upload/file/18392916356.pdf In PDF document text
    • http://lohs69.com/clients/82366/File/25488670297.pdfIn PDF document text
    • https://lacecinella.com/writable/public/userfiles/file/duzaz.pdfIn PDF document text
    • https://3dreamstudios.com/wp-content/plugins/super-forms/uploads/php/fIn PDF document text
    • https://feedproxy.google.com/~r/skout/mBVl/~3/cv9VXjIrmdE/uplcv?utm_term=mario+kart+double+dash+rom+hacksPDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.