Malicious PDF — malware analysis report

Static analysis result for SHA-256 f252cf36f5a9f996…

MALICIOUS

PDF

59.9 KB
Created: 2021-03-14 21:49:24 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0587241ac44cd94bfe5b95f864e2128d
SHA-1: 590ad724913ed7134e9cc6e8a87cb183c983423a
SHA-256: f252cf36f5a9f9967e73239493ecad5fb22831546237e184a34a23d374a138ea
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV and contains an external URI pointing to a suspicious domain, likely for phishing or malware distribution. The document body, though heavily obfuscated, suggests a lure related to academic exercises. No scripts were extracted, but the presence of external URLs and the ClamAV detection strongly indicate malicious intent.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3620

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://golowaki.ru/award?keyword=0+1st+and+2nd+conditional+exercises+pdf