Malicious PDF — malware analysis report

Static analysis result for SHA-256 ec974f1258cc640c…

MALICIOUS

PDF

116.6 KB
Created: 2021-03-19 04:15:19 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-24
MD5: 87f22da1378243e891843182f8ff27ca
SHA-1: 64090c35a2f0c09a96278e58390d046593d7b880
SHA-256: ec974f1258cc640ceb8de636899fac827a816a0a467b53057801f936ff37c5af
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains an embedded URI pointing to a suspicious domain, and ClamAV detected it as a phishing trojan. The document body, though heavily obfuscated, contains text related to accounting ratios and a URL that mirrors the embedded URI, suggesting a phishing lure to download a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8950

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://xezojetit.ru/award?keyword=all+accounting+ratios+pdf (PDF link annotation)