Malicious PDF — malware analysis report

Static analysis result for SHA-256 eda1b21595230bff…

Verdict: MALICIOUS
File type: PDF
Size: 390.6 KB
Created: 2020-12-19 01:19:19 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 14641b8c82a91a3cf07089d7f52ff377
SHA-1: c48fe4ea6630e017e9ce4d2475841811050aff39
SHA-256: eda1b21595230bff5c55453b1e49cbe8bb0f72acfb3e9c134311fb7f0b45b993
Risk score: 94

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8663

Heuristics (3)

  • ClamAV detection (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    The PDF contains an external URI action (/URI), i.e. an action that opens an external URL when its link annotation or trigger fires.
  • Embedded URLs (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. A URL by itself is not a detection; the per-URL channel labels (macro, JS, link annotation, document body, ...) say which part of the document reached each URL, and those labels are not reproduced in this listing.
    • https://traffnew.ru/aws?utm_term=general+motors+financial+report+1964
    • https://basitonivi.weebly.com/uploads/1/3/4/5/134584834/gowojip.pdf
    • https://boguvetasitob.weebly.com/uploads/1/3/1/3/131380850/linusisotixid-pazovavavafo.pdf
    • https://tedawubav.weebly.com/uploads/1/3/4/3/134376018/vodisujevu.pdf
    • https://vepemetamat.weebly.com/uploads/1/3/4/3/134354227/6214181.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://static1.squarespace.com/static/5fc54eebdf132613bbdac0d8/t/5fc6c60ca038a451bcd7bdbb/1606862350025/88376107328.pdf
    • https://static1.squarespace.com/static/5fc0f769ec917750a3d83c85/t/5fc594e42dd96f5918ad58de/1606784233708/honeywell_water_heater_control_valve_manual.pdf
    • https://static1.squarespace.com/static/5fc71f59c43b17119888dce2/t/5fca119d196a600d3c384be9/1607078304737/memes_wars_game.pdf
    • https://static1.squarespace.com/static/5fc79a0c81da8a590db17e0b/t/5fcb6bfb1df7590d80df43ec/1607166972771/52866975653.pdf
    • https://static1.squarespace.com/static/5fc0c362403f5353fd950a5e/t/5fc4fda6eaf37e3b6439364a/1606745512562/xusemalupelitiget.pdf
    • https://static1.squarespace.com/static/5fc6692c60f2895dc10d8c09/t/5fc774e96beae454316712c3/1606907113561/the_bowl_at_sugar_hill_parking.pdf
    • https://uploads.strikinglycdn.com/files/d1db4bd2-3ec3-4c3e-996c-eeaefb072931/sound_blaster_recon3di_driver_windows_10.pdf
    • http://scripts.sil.org/OFL
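The two URL heuristics above hinge on how a URL reaches the document. A /URI action in a link annotation or in the catalog's /OpenAction is something the reader can trigger, whereas a URL that merely appears inside a stream is usually inert; the SIL Open Font License address http://scripts.sil.org/OFL and a foundry site such as ascendercorp.com are the kind of strings embedded fonts carry in their metadata. The following is an added example, not code from this page or from the scanner that produced the report, showing how to pull out both kinds and tag each URL with the channel that carries it. It is a regex pass over the raw file that handles literal and hex PDF strings and single-filter FlateDecode streams, and it runs against a constructed minimal PDF; the example.invalid URLs, the channel names and the helper names are this example's own assumptions, not the scanner's vocabulary. Object streams (/ObjStm), encrypted files and other filters are out of scope and need a real PDF parser.

```python
import re
import zlib
from collections import defaultdict

# One PDF object: "N G obj ... endobj". DOTALL because stream bodies contain newlines.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# A /URI key followed by a literal string (...) or a hex string <...>.
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)")
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# Loose URLs in text or binary; good enough for triage, not an RFC 3986 parser.
GENERIC_URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'*+,;=%-]+")
FLATE_RE = re.compile(rb"/Filter\s*\[?\s*/FlateDecode")   # single-filter form only


def _pdf_string(literal, hexstr):
    """Decode a PDF literal or hex string to text (latin-1 keeps every byte)."""
    if hexstr is not None:
        digits = re.sub(rb"\s", b"", hexstr)
        if len(digits) % 2:
            digits += b"0"              # PDF: a missing final nibble is zero
        return bytes.fromhex(digits.decode("ascii")).decode("latin-1")
    return re.sub(rb"\\([()\\])", rb"\1", literal).decode("latin-1")


def _channel(dict_part):
    """Label the object that carries a /URI action; these labels are this example's own."""
    if re.search(rb"/Subtype\s*/Link", dict_part):
        return "link annotation"
    if b"/OpenAction" in dict_part:
        return "open action"
    if re.search(rb"/S\s*/JavaScript|/JS\b", dict_part):
        return "javascript"
    return "other action"


def extract_urls(pdf_bytes):
    """Map every URL found in pdf_bytes to the sorted list of channels that carry it."""
    if not pdf_bytes.startswith(b"%PDF-"):
        raise ValueError("no %PDF- header: unwrap or carve the file first")
    found = defaultdict(set)
    for m in OBJ_RE.finditer(pdf_bytes):
        body = m.group(3)
        dict_part = STREAM_RE.sub(b"", body)    # the object's dictionary, streams removed
        for u in URI_RE.finditer(dict_part):
            found[_pdf_string(u.group(1), u.group(2))].add(_channel(dict_part))
        for s in STREAM_RE.finditer(body):
            data = s.group(1)
            if FLATE_RE.search(dict_part):
                try:
                    data = zlib.decompress(data)
                except zlib.error:
                    pass   # scan the raw bytes; a stream that will not inflate is itself notable
            for g in GENERIC_URL_RE.finditer(data):
                found[g.group(0).decode("latin-1").rstrip(".,;)")].add("document body")
    return {url: sorted(chans) for url, chans in found.items()}


# Constructed sample, not the reported file: a catalog-level /OpenAction URI, a link
# annotation with a literal URI, one with a hex-encoded URI, a visible URL in a content
# stream and a URL inside a FlateDecode-compressed stream standing in for font metadata.
FONT_META = zlib.compress(b"Constructed font metadata: vendor http://www.ascendercorp.com/ ; licence: OFL")
HEX_URI = b"https://example.invalid/hex".hex().encode("ascii")

SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R\n"
    b"  /OpenAction << /S /URI /URI (https://example.invalid/open) >> >>\nendobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]\n"
    b"  /Annots [4 0 R 7 0 R] /Contents 5 0 R >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720]\n"
    b"  /A << /S /URI /URI (https://example.invalid/link.pdf) >> >> endobj\n"
    b"5 0 obj << /Length 82 >>\nstream\n"
    b"BT /F1 12 Tf 72 650 Td (See http://scripts.sil.org/OFL for the font licence) Tj ET\n"
    b"endstream\nendobj\n"
    b"6 0 obj << /Length " + str(len(FONT_META)).encode() + b" /Filter /FlateDecode >>\nstream\n"
    + FONT_META + b"\nendstream\nendobj\n"
    b"7 0 obj << /Type /Annot /Subtype /Link /Rect [72 600 300 620]\n"
    b"  /A << /S /URI /URI <" + HEX_URI + b"> >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


if __name__ == "__main__":
    for url, channels in sorted(extract_urls(SAMPLE_PDF).items()):
        print(f"{', '.join(channels):16} {url}")
```

Run it over a real file with extract_urls(open(path, "rb").read()). A URL that shows up only as "document body" from a font stream deserves far less attention than one reachable through a link annotation or an open action, which is exactly the distinction the report's per-URL labels are meant to make.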

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0005fae6.bin
SHA-256: ec68cec259386831102d65a2bfec557d0a88537cd6a513c4fa403c7f849e3f3b
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x5FAE6
Size: 5432 bytes
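The artifact table reports an sfnt font stream at offset 0x5FAE6 with a size of 5432 bytes and its SHA-256. Embedded fonts are worth carving because font parsers in PDF readers have historically been an exploitation surface, and because their name tables explain otherwise puzzling URLs in an extraction list. Below is an added example, not the scanner's code, of how to check such a claim independently on a file you hold: given the file and the offset, it validates the sfnt magic, walks the table directory to find how far the font extends, refuses table records that point outside the file, and hashes exactly the carved bytes so the digest can be compared with the report. It runs against a constructed stand-in (a minimal one-table sfnt inside a fake PDF stream) rather than the reported font; the helper names and the 512-table sanity bound are this example's own choices. TrueType collections (ttcf) and bare CFF fonts (/FontFile3 with /Subtype /Type1C) have different layouts and are not covered.

```python
import hashlib
import struct

# sfnt "magic" values and the flavour each announces. TrueType collections
# (b"ttcf") have a different header and are deliberately not handled here.
SFNT_TAGS = {
    b"\x00\x01\x00\x00": "TrueType",
    b"true": "TrueType (Apple)",
    b"OTTO": "OpenType (CFF outlines)",
}
HEADER_LEN = 12   # sfntVersion(4) numTables(2) searchRange(2) entrySelector(2) rangeShift(2)
RECORD_LEN = 16   # tag(4) checkSum(4) offset(4) length(4)


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def carve_sfnt_at(data: bytes, offset: int) -> dict:
    """Validate an sfnt at `offset` in `data`; return flavour, extent, table tags and SHA-256.

    The extent is the end of the table that reaches furthest, measured from `offset`.
    That is what a carver should hash: trailing PDF syntax (endstream, endobj) is never
    part of the font, and a truncated or crafted directory is reported, not guessed.
    """
    if offset < 0 or offset + HEADER_LEN > len(data):
        raise ValueError(f"offset 0x{offset:X} leaves no room for an sfnt header")
    tag = data[offset:offset + 4]
    if tag not in SFNT_TAGS:
        raise ValueError(f"no sfnt magic at 0x{offset:X}: {tag!r}")
    (num_tables,) = struct.unpack_from(">H", data, offset + 4)
    if not 0 < num_tables <= 512:      # real fonts have a few dozen tables at most (assumed bound)
        raise ValueError(f"implausible table count {num_tables}")
    end = HEADER_LEN + RECORD_LEN * num_tables
    tables = []
    for i in range(num_tables):
        rec = offset + HEADER_LEN + RECORD_LEN * i
        if rec + RECORD_LEN > len(data):
            raise ValueError("table directory runs past the end of the data")
        tbl_tag, _checksum, tbl_off, tbl_len = struct.unpack_from(">4sIII", data, rec)
        # Table offsets are relative to the sfnt start; a record reaching outside the
        # carrier file is either corruption or a crafted header and must not be trusted.
        if tbl_off + tbl_len > len(data) - offset:
            raise ValueError(f"table {tbl_tag!r} reaches outside the file ({tbl_off}+{tbl_len})")
        tables.append(tbl_tag.decode("latin-1"))
        end = max(end, tbl_off + tbl_len)
    blob = data[offset:offset + end]
    return {
        "flavour": SFNT_TAGS[tag],
        "offset": offset,
        "size": len(blob),
        "sha256": sha256_hex(blob),
        "tables": tables,
    }


def build_min_sfnt() -> bytes:
    """Constructed stand-in: a TrueType-flavoured sfnt with a single 6-byte 'name' table.
    Structurally valid for the checks above, but not a usable font."""
    num_tables = 1
    header = struct.pack(">IHHHH", 0x00010000, num_tables, 16, 0, 0)
    table_data = b"\x00" * 6
    record = struct.pack(">4sIII", b"name", 0, HEADER_LEN + RECORD_LEN * num_tables, len(table_data))
    return header + record + table_data


def crafted_sfnt() -> bytes:
    """Constructed: correct magic, but a 'glyf' record whose length runs far past the data."""
    header = struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
    return header + struct.pack(">4sIII", b"glyf", 0, HEADER_LEN + RECORD_LEN, 0x7FFFFFFF)


# Constructed carrier: the sfnt sits inside a fake PDF stream object at a known offset.
SAMPLE_PREFIX = b"%PDF-1.4\n" + b"%" * 64 + b"\n9 0 obj << /Length 34 /Length1 34 >>\nstream\n"
SAMPLE_FILE = SAMPLE_PREFIX + build_min_sfnt() + b"\nendstream\nendobj\n%%EOF\n"
SAMPLE_OFFSET = len(SAMPLE_PREFIX)


if __name__ == "__main__":
    info = carve_sfnt_at(SAMPLE_FILE, SAMPLE_OFFSET)
    print(f"{info['flavour']} at 0x{info['offset']:X}, {info['size']} bytes, "
          f"tables={info['tables']}, sha256={info['sha256']}")
    try:
        carve_sfnt_at(crafted_sfnt(), 0)
    except ValueError as exc:
        print("rejected crafted header:", exc)
```

Against the real sample you would call carve_sfnt_at(data, 0x5FAE6) and expect size 5432 and the SHA-256 from the table; a mismatch means either the scanner carved on /Length rather than the table directory, or the stream is compressed and must be inflated before the offset is meaningful.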