PDF malware analysis — malicious · f4fa8a9d279f509c

MALICIOUS

PDF

53.8 KB Created: 2021-07-23 01:04:57 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-11-25

MD5: 2a847db17a04293294115db62fc6cd7a SHA-1: 304f3c2d3e541b988e7023d31ca79e9765eff29e SHA-256: f4fa8a9d279f509c7d9975fba3382e6783f8f081fcc28f3bdb9af674e73e8d4c

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV and an ML classifier. It contains an embedded URI that points to a URL, which is a common tactic for phishing or malware distribution. Although the URL itself was flagged as benign, the overall detection suggests malicious intent. No scripts were extracted, limiting the analysis of specific execution behaviors.

Machine Learning

Nyx PDF Classifier malicious score 0.5006

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/skout/mBVl/~3/S30rS-6n6vg/uplcv?utm_term=csr2+mod+android PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.