Malicious PDF — malware analysis report

Static analysis result for SHA-256 ec7c6a04a9e41fd2…

MALICIOUS

PDF

Size: 52.6 KB
Created: 2020-11-26 23:44:00 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 3f8e47169047717fb663a6a7ed043483
SHA-1: be8cd47cf58967dafc21bd888a43d6793c8bc204
SHA-256: ec7c6a04a9e41fd220df40470269c5816b15b3073958a023e0ceed7f99b2c729
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a suspicious URL and was flagged by multiple detection engines, including a machine learning classifier and ClamAV, indicating malicious intent. The document body's title suggests a lure to entice users to click the embedded URL, likely for phishing or a scam. No scripts were extracted, but the presence of an external URI and the overall detection profile point to a malicious document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8773

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://traffset.ru/aws?utm_term=sweet+baby+picture