Malicious PDF — malware analysis report

Static analysis result for SHA-256 f02632849183b8df…

MALICIOUS

PDF

Size: 61.3 KB
Created: 2021-03-12 21:06:50 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-18
MD5: 08aaf888afe92eae1f480363464cef36
SHA-1: 1950415b5cc252567dc4249737199ccd81995587
SHA-256: f02632849183b8df96bd707c388f6ec4993be593bb3720a87ce7672368f49d0f
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains a URL disguised as a document title. The ClamAV heuristic indicates it is a phishing trojan. The embedded URL points to a suspicious domain, likely intended to deliver a malicious payload or phish for credentials.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3565

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://midufefew.ru/award?keyword=baltasar+gracian+how+to+use+your+enemies+pdf (PDF link annotation)