Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee5866d75a15dab3…

MALICIOUS

PDF

Size: 66.2 KB
Created: 2021-02-28 16:44:06 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-17

MD5: ecf6a1674d74421020751c2249e7df9e
SHA-1: 529e27e3f134d8bf58edaf780c085fac0141e4d4
SHA-256: ee5866d75a15dab3fefe3d813d873d137dd07d62cdb6ff7a6be1b3eedbb37176

Risk score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file is a PDF document flagged as malicious by the Nyx ML classifier and by ClamAV. It carries a link annotation whose external URL action points to soxebez.ru, a suspicious domain likely used for phishing or malware distribution; the utm_term parameter of that URL ("how to develop spiritual gift of discernment") indicates a lure about spiritual gifts, a common social-engineering theme. The document text, which the analyzer reports as heavily obfuscated, also contains a large number of further URLs to PDFs on free-hosting and CDN services.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9947

Heuristics (3)

  • ClamAV detection (critical, CLAMAV_DETECTION): Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
    ClamAV detected this file as malware under the signature above.
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://soxebez.ru/strik?utm_term=how+to+develop+spiritual+gift+of+discernment (PDF link annotation)
    • https://cdn.sqhk.co/varaxupumami/jjK7j0t/vivijoxesijizowezajaj.pdf (in PDF document text)
    • http://penoligis.22web.org/how_to_avoid_talking_to_someone_you_dont_like.pdf (in PDF document text)
    • https://cdn.sqhk.co/wezufunin/shaEgiS/real_bike_racing_game_download_for_pc.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4476275/normal_6003dc7228fde.pdf (in PDF document text)
    • https://cdn.sqhk.co/gitovera/sWfgh00/camera_sensitivity_for_pubg_mobile_lite.pdf (in PDF document text)
    • http://bodugupuk.22web.org/gunizozoxukoludabavaju.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4369503/normal_5fdfa6144f9cd.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4426955/normal_5fe0b976b982b.pdf (in PDF document text)
    • https://cdn.sqhk.co/xotosira/sZgibjh/idle_hero_defense_guide.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4471085/normal_6036653e46628.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://s3.amazonaws.com/bifamomove/alliance_laundry_systems_programming_manual.pdf (in PDF document text)
    • https://s3.amazonaws.com/nuxomigo/best_expense_report_app_2019.pdf (in PDF document text)
    • http://renubinivudeti.epizy.com/26188937314.pdf (in PDF document text)
    • https://s3.amazonaws.com/matogapibelifiv/rational_functions_real_life_examples_with_answers.pdf (in PDF document text)
    • https://s3.amazonaws.com/palevijuj/81652497653.pdf (in PDF document text)
    • https://s3.amazonaws.com/lizuseguwix/58369799897.pdf (in PDF document text)
    • https://s3.amazonaws.com/kulinisokakewi/sql_server_2008_r2_developer_edition.pdf (in PDF document text)
    • https://s3.amazonaws.com/jarirotexab/anandamanandamaye_telugu_movie.pdf (in PDF document text)
    • https://s3.amazonaws.com/jafujasiwetid/english_grammar_in_kannada_language.pdf (in PDF document text)
    • https://s3.amazonaws.com/liguwubore/velixuwebigur.pdf (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)
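The channel distinction the heuristics above rely on (a URL that the viewer will actually follow because it sits in a link annotation's /URI action, versus a URL that is merely printed in the page text) can be reproduced with a small stdlib-only scanner. The following is an added example, not the analyzer's own code. It builds a constructed one-page PDF with placeholder hosts (lure.example.test, example-text.test), then labels every URL it finds by the channel it was reached through and reports whether the PDF_URI condition (any /S /URI action) holds. The parser is deliberately minimal: regex scanning of objects, FlateDecode only, no /Length handling and no PDF string-escape processing, which is adequate for triaging a small wkhtmltopdf-style sample like this one but is not a general PDF parser.

```python
import re
import zlib

# Constructed sample (not the analysed file): a one-page PDF with a link
# annotation carrying a /URI action and a Flate-compressed content stream
# whose text contains a bare URL. Hosts are placeholders.
def build_sample_pdf():
    text = b"BT /F1 12 Tf 72 700 Td (Read http://example-text.test/doc.pdf now) Tj ET"
    stream = zlib.compress(text)
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(stream)
        + stream + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (https://lure.example.test/strik?utm_term=x) >> >>",
    ]
    pdf = b"%PDF-1.4\n"
    for num, body in enumerate(objects, start=1):
        pdf += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"

# Simplified object/stream scanning; a real parser would honour /Length
# and the xref table instead of trusting the endobj/endstream keywords.
OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# /URI value as a literal string (...) or a hex string <...>
URI_VALUE_RE = re.compile(rb"/URI\s*(?:\(([^)]*)\)|<([0-9A-Fa-f\s]*)>)")
URL_RE = re.compile(rb"https?://[^\s()<>\[\]\"']+")

def has_uri_action(pdf):
    """Equivalent of the PDF_URI heuristic: is there any /S /URI action?"""
    return re.search(rb"/S\s*/URI\b", pdf) is not None

def _decode_stream(body, raw):
    """Inflate a FlateDecode stream; fall back to raw bytes on error."""
    if b"/FlateDecode" in body:
        try:
            return zlib.decompress(raw)
        except zlib.error:
            pass  # corrupt or unsupported stream: scan the raw bytes
    return raw

def _add(bucket, url):
    if url and url not in bucket:
        bucket.append(url)

def extract_pdf_urls(pdf):
    """Return URLs grouped by the channel that reached them."""
    found = {"link_annotation": [], "document_text": []}
    for obj in OBJ_RE.finditer(pdf):
        body = obj.group(1)
        # Channel 1: URI actions (what a click in the viewer will open)
        if re.search(rb"/S\s*/URI\b", body):
            for lit, hexs in URI_VALUE_RE.findall(body):
                url = lit if lit else bytes.fromhex(re.sub(rb"\s", b"", hexs).decode())
                _add(found["link_annotation"], url.decode("latin-1"))
        # Channel 2: bare URLs inside (decoded) content streams
        for stream in STREAM_RE.finditer(body):
            data = _decode_stream(body, stream.group(1))
            for url in URL_RE.findall(data):
                _add(found["document_text"], url.decode("latin-1"))
    return found

if __name__ == "__main__":
    sample = build_sample_pdf()
    print("PDF_URI heuristic fires:", has_uri_action(sample))
    for channel, urls in extract_pdf_urls(sample).items():
        for url in urls:
            print(f"{url}  ({channel})")
```

Run against a real sample with `extract_pdf_urls(open(path, "rb").read())`; the link_annotation bucket is the one to prioritise for blocking and detonation, because those are the URLs a user who clicks the lure will reach, while document_text URLs (as in the SEO-spam body above) are mostly noise unless they repeat across samples.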

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f43d.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xF43D
Size: 5588 bytes
SHA-256: d8b987c1e5f414ce7fbcca4bc873b90903fda00d09ad54a3d1c7c14472956581