Malicious PDF — malware analysis report

Static analysis result for SHA-256 f10ae66e61458500…

Verdict: MALICIOUS
File type: PDF
Size: 66.6 KB
Created: 2021-01-09 18:28:29 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5282a06bfca950c5cbc0328cb1b5bcf0
SHA-1: 78fedf541cb9b9698dcccc9496d6fff5a54df876
SHA-256: f10ae66e614585008d9a1962a11d6885dbc45aea270662c9f686b7de4994466d
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URL, which is a common tactic for phishing or malware distribution. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded URL likely leads to a second-stage payload or phishing page.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9720

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://traffnew.ru/aws?utm_term=japan+guide+kyoto+imperial+palace

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000e6a8.bin
  SHA-256: 1165e92799edd6bea6fe15bac46dac7287218e67e9eca5fdc9d220e34bb03196
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xE6A8
  Size: 9956 bytes