Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0409dd3b5586010…

MALICIOUS

PDF

Size: 93.9 KB
Created: 2021-06-26 17:14:07 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-11-02
MD5: a4b942ee8c3f5ee875a3ae0915e13508
SHA-1: bc4d5e66425387dbffa37b790423537e5993fda3
SHA-256: f0409dd3b55860101c6a44a010b8c126289275490884d24d1699d3187d803677
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, with a specific detection name indicating it's a phishing trojan. An embedded URI points to a URL that, despite a benign reputation, is associated with the malicious activity. The PDF structure and heuristics suggest an attempt to exploit users via a link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5896

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/GLLx1DTH0VQ/uplcv?utm_term=six+strings+life+goes+on+mp3+download PDF link annotation