Malicious PDF — malware analysis report

Static analysis result for SHA-256 f34a6167f675ff3c…

Verdict: MALICIOUS

File type: PDF

Size: 51.6 KB
Created: 2021-03-12 03:01:18 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 3f1716be8e5545906984902424f96425
SHA-1: 62125790a3e24aad85cee0333e2bc1b9c0a911a3
SHA-256: f34a6167f675ff3cbce2b21a03eea535c83cbee47840865ac730c69d0e6338ab
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URI pointing to a suspicious domain, flagged by heuristics and ClamAV as malicious. The document body, though heavily corrupted, suggests a lure related to setting up an outdoor timer, likely to trick the user into clicking the malicious link. The presence of embedded URLs and the ML classifier's high confidence score indicate a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7977

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://dugedepap.ru/aws?utm_term=how+to+set+a+brinks+outdoor+timer