Malicious PDF — malware analysis report

Static analysis result for SHA-256 f5043190414d0550…

Verdict: MALICIOUS
File type: PDF
Risk score: 94

Size: 69.5 KB
Created: 2021-02-28 03:44:22 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-18

MD5: 9e7dedd83962946470fc290beddf2cb7
SHA-1: 5aea28e5d8faa7fe364c8f996161f1d6c6e8b51a
SHA-256: f5043190414d0550d656e9524318a3e8d92e6314f9bb564ce525bdb870b4c957

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document was flagged as malicious by a ClamAV signature and by an ML classifier (Nyx PDF Classifier, score 0.7986). The document carries one external link annotation whose /URI action points at an attacker-controlled site, plus a number of further URLs that appear only in the page text. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7986

Heuristics (3)

  • ClamAV detection  critical  CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI  info  PDF_URI
    PDF contains an external URL action
  • Embedded URL  info  EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL label for which channel (macro, JS, link annotation, document body, ...) reaches each URL.
    • https://fokemale.ru/award?keyword=how+to+analyse+data+example (PDF link annotation)
    • http://lidlid.xyz/putulomevediwanakafafipirrp7i5.pdf (in PDF document text)
    • https://cdn.sqhk.co/rebawigabog/azidhbC/ruxogakikunumojorobavori.pdf (in PDF document text)
    • http://the-english-temple.com/balanitis_tratamiento_gpcqync9.pdf (in PDF document text)
    • https://cdn.sqhk.co/mogowepuw/Libje8Z/20936202253.pdf (in PDF document text)
    • https://cdn.sqhk.co/sovajepuxe/Xhjifkx/dwts_vote_text_number.pdf (in PDF document text)
    • https://cdn.sqhk.co/lukapokobejo/AjeoifC/dining_table_with_bench_with_back.pdf (in PDF document text)
    • https://cdn.sqhk.co/jezaziritav/iMidDih/66890085699.pdf (in PDF document text)
    • http://rerubin.space/haas_rotary_indexer_manualsfv1f.pdf (in PDF document text)
    • https://cdn.sqhk.co/waximanodif/nDiauic/lugusuxorej.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://s3.amazonaws.com/tobaziw/how_much_does_it_cost_to_replace_septic_tank_and_leach_field.pdf (in PDF document text)
    • https://s3.amazonaws.com/navoburarovada/juvazewujuwavesejaz.pdf (in PDF document text)
    • https://s3.amazonaws.com/bajapovogam/duraflame_electric_fireplace_insert_with_sound.pdf (in PDF document text)
    • https://s3.amazonaws.com/boxalewijim/78234473286.pdf (in PDF document text)
    • https://s3.amazonaws.com/jazuravazaguz/dewesiwuwajitinenozogi.pdf (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f683.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xF683
Size: 5232 bytes
SHA-256: 55e6c8e164b0ce192ce85dc89854c787bfc37ab729e0c13db04ca6e88c9b23e0
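The two mechanical steps behind the Embedded URL heuristic and the artifact table above are simple to reproduce for triage: pull every URL out of the file and record which channel reaches it (a /URI action in a /Link annotation is one click away; a URL that only appears in a content stream is just text), and carve any stream whose decoded bytes begin with an sfnt magic, reporting offset, size and SHA-256 the way the artifacts table does. The script below is an added example written for this page, not the analysis tool's own code. It builds its own small PDF inline (the link and text URLs in it are constructed, under the reserved .invalid domain), uses the report's two channel labels, and is deliberately regex-based: it reads plain objects and FlateDecode streams only, so for real samples with cross-reference streams, object streams or encryption a conforming PDF parser is needed.

```python
# Added example (not part of the original report or the analysis tool):
# (1) label each extracted URL with the channel that reaches it, using the
#     report's labels "PDF link annotation" and "In PDF document text";
# (2) carve embedded sfnt font streams by magic, giving offset/size/SHA-256
#     as the artifacts table does.
# The sample PDF and its URLs are constructed here. Regex-based: plain
# objects and FlateDecode only; not a conforming PDF parser.
import hashlib
import re
import zlib

URL_RE = re.compile(rb'https?://[^\s<>()\[\]"\']+')
# /A << /S /URI /URI (target) >> inside a /Link annotation: a click opens target.
# (Escaped ')' inside the string literal is not handled; a real parser is.)
URI_ACTION_RE = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")
# Stream dictionary (one level of nesting allowed) followed by its stream body.
STREAM_RE = re.compile(
    rb"<<((?:[^<>]|<<[^<>]*>>)*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO")  # TrueType / CFF OpenType


def build_sample_pdf(link_url, text_url):
    """Construct a tiny PDF: one page, a /Link annotation whose /URI action
    points at link_url, a FlateDecode content stream that merely draws
    text_url as text, and a stub sfnt font program (magic plus padding)."""
    content = zlib.compress(b"BT /F1 12 Tf 72 720 Td (" + text_url + b") Tj ET")
    font = SFNT_MAGICS[0] + b"\x00" * 28
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content)
        + content + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 700 300 730] "
        b"/A << /S /URI /URI (" + link_url + b") >> >>",
        b"<< /Length %d /Length1 %d >>\nstream\n" % (len(font), len(font))
        + font + b"\nendstream",
    ]
    pdf = b"%PDF-1.4\n"
    for num, body in enumerate(objs, 1):
        pdf += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"  # no xref: triage only


def iter_streams(pdf):
    """Yield (dict_bytes, decoded_data, data_offset) for every stream object,
    inflating FlateDecode streams; other filters are scanned raw."""
    for m in STREAM_RE.finditer(pdf):
        dct, data = m.group(1), m.group(2)
        if b"/FlateDecode" in dct:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # corrupt or chained filters: fall back to the raw bytes
        yield dct, data, m.start(2)


def is_sfnt(data):
    return data[:4] in SFNT_MAGICS


def extract_urls(pdf):
    """Return (url, channel) pairs. The channel, not the URL, is the signal:
    a /URI action is reached by a click, text is only something a reader
    might copy, and neither by itself is a detection."""
    found = []
    for m in URI_ACTION_RE.finditer(pdf):
        found.append((m.group(1).decode("latin-1"), "PDF link annotation"))
    for dct, data, _ in iter_streams(pdf):
        if is_sfnt(data) or b"/Length1" in dct:
            continue  # binary font program, not document text
        for m in URL_RE.finditer(data):
            found.append((m.group(0).decode("latin-1"), "In PDF document text"))
    return found


def carve_fonts(pdf):
    """Return (offset, size, sha256) for every stream whose data starts with
    an sfnt magic, mirroring the report's pdf-font-stream artifact entry."""
    return [(off, len(data), hashlib.sha256(data).hexdigest())
            for _, data, off in iter_streams(pdf) if is_sfnt(data)]


if __name__ == "__main__":
    sample = build_sample_pdf(b"https://landing.example.invalid/award",
                              b"https://cdn.example.invalid/x/y.pdf")
    for url, channel in extract_urls(sample):
        print(f"{url:45} {channel}")
    for off, size, digest in carve_fonts(sample):
        print(f"font_00_sfnt_off{off:08x}.bin  {size} bytes  sha256 {digest}")
```

The offset reported by carve_fonts is the file offset of the stream body, which is how the artifact filename above (off0000f683) is derived; hashing the decoded bytes rather than the raw stream is what makes the digest comparable across samples that embed the same font with different filters.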