Malicious PDF — malware analysis report

Static analysis result for SHA-256 f460f4ccb8ff8d43…

MALICIOUS

PDF

Size: 58.4 KB
Created: 2021-03-22 11:35:48 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-25
MD5: 2ad11ea08ef9f2230540d08a6f81ea62
SHA-1: 1447fa5dc0654c1caef3bae0f3cbe813eee8e6d1
SHA-256: f460f4ccb8ff8d43e5e87edb0c2eb50f5448a394dad886b3ac4f04bf451fd4eb
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5493

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info, PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.