Malicious PDF — malware analysis report

Static analysis result for SHA-256 f6e7efa4c1be36a7…

MALICIOUS

PDF

Size: 53.1 KB
Created: 2021-03-25 01:48:07 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 9646e3629d0887288a3d083032afc047
SHA-1: 17eb86511877f5557253cfc0d650eaa9ba71e0ad
SHA-256: f6e7efa4c1be36a7ecd198c40dcc538eb58a1b3b410f7d3c11704c1a76f1eba2
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document that contains an embedded URI pointing to a suspicious URL. This URL is presented as a search result for 'anatomy books in urdu pdf download', suggesting a phishing or social engineering lure. The ML classifier and ClamAV detection strongly indicate malicious intent, likely to download a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8808

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://pelibifir.ru/award?keyword=anatomy+books+in+urdu+pdf+download