Malicious PDF — malware analysis report

Static analysis result for SHA-256 f3fcc1c95f15aa6a…

MALICIOUS

PDF

Size: 66.4 KB
Created: 2021-06-01 09:34:26 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 3d260a98d0ac1dc8bd885e9683530107
SHA-1: 040e8675cea7c78594a04f8ed094f0b5d9126be3
SHA-256: f3fcc1c95f15aa6a95a05118ec29ded1088cb2fda133c31b02db91ca49871319
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains an embedded URI pointing to a URL associated with 'chatous mod apk 2018', suggesting a phishing or malware distribution lure. The ML classifier and ClamAV detection strongly indicate malicious intent. While no scripts were explicitly extracted, the PDF structure and embedded URI are indicative of a phishing attempt to redirect users to a malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9859

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://inwebjor.ru/pbw?utm_term=chatous+mod+apk+2018
    • https://buzufurabobozu.weebly.com/uploads/1/3/5/3/135304208/6916083.pdf
    • https://cdn-cms.f-static.net/uploads/4413848/normal_5fd8fd7e66b32.pdf
    • https://giwedogifuj.weebly.com/uploads/1/3/4/7/134741463/dogixi.pdf
    • https://sikefenuvip.weebly.com/uploads/1/3/4/0/134012601/a005e68a67c902.pdf
    • https://bilewobadazape.weebly.com/uploads/1/3/2/6/132695578/wusemovaku.pdf
    • https://kobekasi.weebly.com/uploads/1/3/4/5/134588699/pumexorumuwina_diwedo_jivugoxevop.pdf
    • https://vunuvuvoxi.weebly.com/uploads/1/3/4/8/134889930/2727539.pdf
    • https://xakivemo.weebly.com/uploads/1/3/0/7/130739368/478c7c37e7.pdf
    • https://cdn-cms.f-static.net/uploads/4446378/normal_603e97c39a747.pdf
    • https://uploads.strikinglycdn.com/files/b011bf18-efc9-4f07-a67d-fce296a884a9/how_to_trade_options_india.pdf
    • https://uploads.strikinglycdn.com/files/fd0d4b47-42d3-4aff-ac89-b713b678a881/visajikerev.pdf
    • http://wuwazilizos.pbworks.com/w/file/fetch/144424767/what_are_the_different_types_of_intermolecular_forces_of_attraction_from_strongest_to_weakest.pdf
    • http://wozixokumo.pbworks.com/w/file/fetch/144434235/tips_on_how_to_write_a_metaphor_poem.pdf
    • http://palixazoke.pbworks.com/w/file/fetch/144413598/hum_aapke_hain_kaun_mp3_song_download.pdf
    • https://uploads.strikinglycdn.com/files/506bef2d-46f4-4705-989a-4f4beed79d6b/comparatif_et_superlatif_en_anglais_exercice.pdf
    • https://uploads.strikinglycdn.com/files/b9c60209-7e5b-412b-a760-20f82c9f4d2c/49753058600.pdf
    • https://uploads.strikinglycdn.com/files/46f15c1a-2175-4d12-a887-f86395a5eb58/what_replaced_the_ruger_sr9c.pdf
    • https://uploads.strikinglycdn.com/files/ee6e7967-38ea-470c-9658-5abf7d5145ad/piwitikowemegola.pdf
    • https://uploads.strikinglycdn.com/files/29b08733-285c-46f1-82e8-aa3035e7f33f/how_to_drain_a_fisher_and_paykel_dishdrawer.pdf
    • http://mapijakemifo.pbworks.com/w/file/fetch/144442557/frog_dissection_external_anatomy_worksheet_answers.pdf
    • http://mikabipi.pbworks.com/w/file/fetch/144437052/bizekidem.pdf

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f4ce.bin
SHA-256: b4ad00f733287edf68c11bbd5bbd81f48bc667275f78f5ea6ee7dcf3e5205384
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xF4CE
Size: 2960 bytes